Malware Analysis Report

2024-11-16 15:56

Sample ID 240214-fhhvaahe5x
Target bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3
SHA256 bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3

Threat Level: Known bad

The file bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-14 04:52

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-14 04:52

Reported

2024-02-14 04:57

Platform

win7-20231215-en

Max time kernel

61s

Max time network

286s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D693CED1-CAF4-11EE-B928-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000f86bb5d3bf27dc5f791aa57b8f813439f2f85a68096daf0f61d60e4809d21a6b000000000e8000000002000020000000e2cff1272d7e8dfe0b862d46ea316d7685402bf26b5ee9acd014e5888383850b200000007ef100daf3b691daf7ac697921a1ae7ce8d54530779206bdaa7ab6c57bde97f94000000095a57e9b98751105105df2dc4ef861bf19ee9b488929008ed0f0dd58d447a564d3addfb8e03f54bfc58874dd5487df29a4cec31ccb6c89d30c66e63baae3ffe9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D698B8A1-CAF4-11EE-B928-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D69AF2F1-CAF4-11EE-B928-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2156 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2064 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2064 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2064 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2064 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2764 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2764 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2764 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2764 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2156 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 1716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 1716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 1716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2156 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2156 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2156 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2156 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1608 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f29758,0x7fef5f29768,0x7fef5f29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5f29758,0x7fef5f29768,0x7fef5f29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5f29758,0x7fef5f29768,0x7fef5f29778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.0.228388110\82858565" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1136 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3bae0bc-d611-4c6c-93f9-61771e851e8a} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 1324 f3ebb58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.1.1542211511\1747088252" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73f1bcd5-b048-441b-9c67-199bd82f12da} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 1540 f3eb258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1212,i,10572437511988164830,1280620734033192643,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1212,i,10572437511988164830,1280620734033192643,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 --field-trial-handle=1368,i,1671823344188287247,7442202871847783334,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1368,i,1671823344188287247,7442202871847783334,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.2.1462849223\1189636169" -childID 1 -isForBrowser -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ed986ae-4959-49f2-901b-9e8cca8b1c8f} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 2344 e65e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2736 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2452 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.3.867792638\145265327" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdca9535-7001-4fee-a9bd-b29bfe13587b} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 2904 e61b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3428 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1656 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3468 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.6.613788822\1139552790" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d72a975-0530-4a74-b65d-493291997821} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3976 1eb6bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.5.38111076\1080181612" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27cde86b-01a9-45c9-9175-688330eb1897} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3812 1eb48c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.4.1120767269\1967686827" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3684 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba81a6d0-a6cd-4c1e-ae6b-1b9258a18660} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3708 1de9b358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.7.1701225725\2022292534" -childID 6 -isForBrowser -prefsHandle 4168 -prefMapHandle 4212 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {987e52eb-ca78-44e8-b0e6-33c5f7ae696c} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3988 201dd858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.9.949223597\63740957" -childID 8 -isForBrowser -prefsHandle 4392 -prefMapHandle 4396 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {900e84fa-cba0-45d3-a90c-ae17f15447e1} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 4380 201de758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.8.1109069090\970349545" -childID 7 -isForBrowser -prefsHandle 3684 -prefMapHandle 3660 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86899ac1-a6d8-4b2d-bc99-abecec3e6fa8} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3852 201de458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.10.708229142\814292370" -parentBuildID 20221007134813 -prefsHandle 2828 -prefMapHandle 1980 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17db018f-7147-44d8-85fb-093ade85d169} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 1784 1eae4958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.11.1595479022\1658830083" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4736 -prefMapHandle 2828 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a095ed38-b5da-4e4e-90b9-58b51a435a83} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 4744 1e444e58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.12.364851557\1229817418" -childID 9 -isForBrowser -prefsHandle 5036 -prefMapHandle 5032 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2902dac8-ec07-4e79-989c-acf137f9b675} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5048 1de9ad58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4348 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1380,i,4015365931229815187,7095587652663976367,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
N/A 127.0.0.1:50179 tcp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 rr3---sn-q4flrn7y.googlevideo.com udp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4flrn7y.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-q4flrn7y.googlevideo.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 rr3---sn-q4flrn7y.googlevideo.com udp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-q4flrn7y.googlevideo.com udp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-q4flrn7y.googlevideo.com udp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 209.85.165.136:443 rr3---sn-q4flrn7y.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr4---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:50252 tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.155:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.36.117:443 beacons2.gvt2.com tcp
US 216.239.36.117:443 beacons2.gvt2.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp

Files

memory/2156-0-0x00000000007D0000-0x00000000007D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D693CED1-CAF4-11EE-B928-4AE60EE50717}.dat

MD5 97095cf6722cb49e1eddf2954e2a9611
SHA1 d70460bdfe299642bec023c2dd7fef4661a2fac0
SHA256 9132f1eec4ac17abe99582c1bb21c7c97c7f22ce4e6757b9c00e6159b4e8d141
SHA512 43aac8549727f2468d1309421b597d0f7f6a77b0526a7c4527058064d1b7d55c2b7c6e2f9ba5153be0c0617069344c4cebb75835c2464fbe725bfa807258836b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D69AF2F1-CAF4-11EE-B928-4AE60EE50717}.dat

MD5 5a90861670a40c11768a430567053539
SHA1 dc0c06b34f7c2a3400dee4e79c55254637f7e08c
SHA256 cca2a4ac534b5c4851a6736eb40f38372140f4df736b0a6ce90eefcd44eb2e43
SHA512 32ed61568d9eebb74ee3fcd890afeb3ccaea0391551fe530ec80b877a547c7441db58225d85e9f9f6ae2a2c2abaa089fd7c6ea6640f99735e64a106bc2590af1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D693CED1-CAF4-11EE-B928-4AE60EE50717}.dat

MD5 790baefcaa4cae29ab9c95817a68513c
SHA1 257fc198d2257c83f47fd16a7990089e44ddb24d
SHA256 693b6edb3753b561f6cb0c3940e3d39614ae9d852d282f72b4fe0ad89e88b354
SHA512 e2a673c029bf8c82318dbd5f56ff22fa1cac8bc834d4bf36787d7aa94f0964880b174d58257575a116032d838e36f4d98e39e7486367fe0161c2ea5a598e64a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 903cac5015a838702de5e314fc9543f6
SHA1 94f4f2adf0444ad26a5057a0b8d1c0f6503d2126
SHA256 653c0832bdd38050f354364c8b3b64c9377f8284a66e63c280adef1d4fabaeeb
SHA512 319681e76f378281ae104835b39b7c977315485b2115c0fe2d34151ad3184af0994dad80b9cb3e7002eae6e617c109998549aea059239ab2d86fe808e7083c05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3ebed6e8bb8b9c514c95fe365aa6f800
SHA1 546a91d66fc661a11418092964714b3bd08daac8
SHA256 88e8f0161efb40549fe063eb9f27965e9ac18b684e4d815a61f499b3b5579002
SHA512 3846fd1ca6f741285a52b2ac2a8a7907d611307c3f5aaf89359510a443ef0a8978e491451c0529596d0e13f18bfebdd4e82b18b4f3259eecdac48e2d36d23290

C:\Users\Admin\AppData\Local\Temp\Tar4721.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb8dcd8eff65987e4b4ed16cc38ed8dd
SHA1 2132149c91aaa6a8a90045c17f8ff46b3688fd0a
SHA256 5ccca3ae611bab192afa35d4e5ae53a1fb5d2751990c2c1138a38fbe128a03cd
SHA512 9b4317b3719e57b0154e224fe4983372f1361d4e8a4764550d09307ba1e6024c898a90c1f3992a87124741b97a4708548edbd4298a305bee0b6128ad1d349332

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0dcb018b9f36d9016e0712d1eab6485c
SHA1 5b1402dba3bb02749f093171a17979e9ecdcc70b
SHA256 edeee5c0f9c5c0d23d2e7fbd2bfec378ddf1650dc9883c06b227dd775ad28bb3
SHA512 98a192ec64e053445af2a1244e942a66a091786cf64fb9bbda23b00cf85a7cd1acaa0aa88758a577759320bff366b23b6dfecae73c6864ff60cf765b18b824b3

C:\Users\Admin\AppData\Local\Temp\Cab470E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7292b0e71ab0c9c41d0cd4011c5e7a51
SHA1 90aaee163873ec515d45861faaf1e60a19a0fd95
SHA256 83b48edba7915c973cdd7f0be16fd7185bf430014c538aa70f39da2b4b5e1c50
SHA512 7afdfc0b356cdcae1137badfac385c19c5c3367af0ad1a3b0c083b19a0b7035393644f67d448a3d38302861f033669f34e21227be4ebc88adb81ca3b9e5bbb9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51143b85512a7fbd6296c466fa5c1fd9
SHA1 2b0aa0dddd60a50b35d447f43e66778150b2dd59
SHA256 b56119b939e17d11d9c93bd5f3f81470cb418db995ff1f4d54f6e12ddaf19969
SHA512 8e043691d32991c8fd5bc20527954ce7b36b58dda670d68e895a63f26ecd968525960d1d416004e2234d5bd1699a198af9bcd8957690a62c5d27304b3626cf96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1ed3c8c494872e16b9336951231d918
SHA1 997a71af08c84d6eb4bf416e7da648f85f758935
SHA256 5195dea3178d6994c5382e2fcd82c0cf5cbe405e7636c73ccfb07acf5ccdfbef
SHA512 97a23e7d67a8379394f3863086d90eb17e9e67116468dfafe660a1fff85f229aa3a5e52d48a6cb3c76d7066b8de97306e84166849a716db4c747b83ebdd4fb80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 80f7c82a8c19395593bf8fdfd77e6b3c
SHA1 5beb25c739b0238cda2b50d458c146e1b12a2f62
SHA256 ee1a961015777741ccb0fc22524937b7686df21f0d6e00796394b773c2034a1b
SHA512 b074e3a9dbdc464ca469525265780a059f0d583f6e489909c6daa980ab06d0fd2ae735aa06dfd2e8148e6c40cbb043a314426d25a191d582893d132daaa252c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7b30e71aa77c6120866f3b00f26663e9
SHA1 ea9fbe7e302c50d03997c641c06f690b2cbbea54
SHA256 1cc141c34b8a0f40835f094e99193cc745ecaafa2996186b493461ee4ac30906
SHA512 96a6f75d92abce43fdd5538587ddae254431fb26f482f0137074fc9e66296d816e1c4791c7bccd4ba6151a850926184b490e66ad440fae3f9f7bf5ae271c4164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7910f5a93b5a91ef00398a9961ea6e0c
SHA1 f804527ddb269536dff1609147691fe253bccbc1
SHA256 e90bd3ce957d097fac0313b59da4f95e3c9e01ab88d220b52bb33191e3a40445
SHA512 4531d465883fb2a55554538e642d4ab7efdca23d64d2e7459f26c7368ae8756c108d623c1c4cd27d8b3018f1681bad273baecec19d217a9ff475becc6a6ba102

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOO61SKS\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 faebdd97211504f66852c071f2072ca2
SHA1 1547c1de95ab6ae8688cd88a01e8f2de39492031
SHA256 8f77231f278591d422c3cd917c6dd215d8a96f5424e99f1661521bc6024f88c4
SHA512 e1e752d1e2f333c0608541dcc8b31684ca0d9ee53cd8f846f5e0cf1dff4fc1bbc88fe04b28ebeee8768dc6e2302afd9d70cf96c43016c241393d7c1fbe949b6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOO61SKS\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 1cf19befded493612759321fcba31c37
SHA1 bfc6acb69d934de5bf5455a968e0db15ab248a4c
SHA256 e054a76d89054734a88673d1bce2963e4de9dbace3e7418269f5fc7001a9893c
SHA512 5f1cd2b5390ffa6fe3f9464e29c7772d0ffc2e025ea613062dc9e4e7529e810a17632f535177d79d04b0a1574f90b87b58e46994451cc710042dae030ebc143e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CXKQD1NK\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H6H7OH1L.txt

MD5 058cdc1299405c66b1fe12867f4b2afc
SHA1 011154c87a8cd0dd7bdebf99f44cb5829d7cb8df
SHA256 65c7ebdf2f1e047488beffb3046608ea49b48344b6321254ba9b859906cfb63e
SHA512 40ab74d7d69b4ade357715dacb71f148492f01559063a46b7c2556dddc78151dc25fe75f378cfd3b993f2c32ddfa0675c40f05ecaf8d29844294ae63c632160a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 8672f2b72b88e9cbd7a54c4be1f92c48
SHA1 592e831ade6a49038005017d885f63fad65b113d
SHA256 4e2b990487a8eadc49a9eb57106fa2661420d56cfb3a31f2405ac41274169736
SHA512 ddfba4cc4f8a8259010c306fdbddc57fbe58727c9c079c5692dcf5785303a1c3838fad402d55737d0243a02e5edd7e741ec6aac6e9895e2bd981802a8ad4843b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 76b0379f16aece793dc6c738e67eb4c7
SHA1 84411aca962000a3cd327864ce53abc7c1908cc4
SHA256 523f94cae135d7769b8d042ba2ddeeb117a943c568259aeb5ef29e1a4ee8f12d
SHA512 28ae48e53900bff88068c0d0fd4e25ad433a6133ea14ea5a7da875abcbf25318f781ad68b2e3ef7b50ed4cbfb407d33f1682697c471dcf501023f1845ab6a18a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOO61SKS\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 c3ec4a0905b2504c346259450b07b80b
SHA1 bd457230f69f24f4dfe4fa24f9adeefe7d0c5f04
SHA256 ade652f87d97b469b30884dbe3ce656b3adf87b691d75bd8cffe681c7e59aa40
SHA512 7b3fc6361ca50d4bcae372638cd207ea8bed0ef9e9ae614801285ea312c9cced598e7eade6e327da413217fc948e3519aa48bb444bebed690fdb9589eb4003f4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOO61SKS\favicon[3].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 a61d5d465f009bc0564e40c89a25daac
SHA1 d7edaf239c611be2710ccaca20ba1410f8b43738
SHA256 5a4882c7a857da66ec6d6742c80e2e8de900e97d06d91826c6a65dc0772ec7b7
SHA512 37376f26d284c6a192ba7683bd2932bcff584de500c40e71ed3d2f843d56a7083234ccc4977ddc112678b16b6f4b4a8fc338f471c954ef4b50129b8154d5fb8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef2af626423e7e881d4f6a84a89d8bb5
SHA1 b9690717e01180dc5d6eb4b06e23c2206de455cc
SHA256 823d6c3082adaca56c8c00b217f259c3c4698897e7b27ea237f380618bf05959
SHA512 d7e4c4d40bc6d9d4f6f0a74243d1595dcf6c3beed481336f5e87372391d6b3ce31c5a78ea05ca624e7231c342ab46885f042a886b9eb829b70b4a82d99d35d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8afab834cadc5db12e9102654a8f42c0
SHA1 6614447ec8173813b421f1b82ea4710439402f67
SHA256 64144fe501d232a8ebefe4ae026e665edc622880ddf313893b9e72f8a0beb202
SHA512 fc5ac219b9a730fa8c1870644b1d2861e8e15d97ba284576b2edc455d089a547aa4b5ee24064c7e15b9a7165b684cf74afc75820bba50ba22bb4573ef9a45d48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0543ec21bd7ea331a43f4f18a06e6853
SHA1 25ef58f028a4ea39c67a34081cd85811b326a7cb
SHA256 f850e9f87aecee158381bed9e159f184533b2109eb48cbe88716a0c18846d8c4
SHA512 853692146e4306cb1f9668fb434dd6bfe4e1d878f07226102b7a2227530ffe43cbec744de3c4a8a8225fa0c7ce530cdae8a675929420d9d3ee1c33b94c34b5c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3663e3ca6c3b9962b4708079830afe4c
SHA1 ba761603445c740fd2d1c5cd5112eec77144a893
SHA256 5a17c168d76d9ef70020b39b6193feecedb619dc8f8757a5457839df4e0349da
SHA512 6989825e664fa889f328c24bce680eab3ee86e8318eea3db6a577a28d66e710207a1333e300d1ea81318f47d3f59f5ab0bbb2e7595a643542e04b3000ca077b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7ec1bb884e4f27d2459d9076b3d207c
SHA1 ff94b84e61a5c620e3198f069d83e19eacbca8aa
SHA256 b3e42cb060eec46894552e6d6561cda406d17014137c10011ec4767a7b059624
SHA512 a38da417b75f3b6e0690027372188811fd7e268cf663de44143622224f04200c2db35f93e5f651565736e4590ef3b77ef7b1cca2a0320dfbf5cc35ce94d7a191

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 479dab0b7dd6e7cdfd8ab99428f8c01b
SHA1 88831378d8ccdcba2672ac7e8e779aa2d9868467
SHA256 9fbd200bad70fcbc20f2cf8a57f3b7cfe35ba7ee20102b131a1ea828ef94343f
SHA512 34efd16040f8eb15c6c91ff6eb0011339657be494bfd403c2e5892279a646b323aa37c28c85d0e324c97ffa8bb8d0db6ef164739d8bbafae9be02fe9d6affc7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da9eecc2c30d845753d2a93e14ad3368
SHA1 31b5c343cbd256bf694a38c45809bc7c9cce280d
SHA256 3d9875cfc384e72e30f5f3f3b01cc8a92f71514826ab4588f64e2d5cf655345e
SHA512 feaf49b85d5b0fc084b7f45d4fff0a463e13919633cd704d8824332109493eddc1835a6ae12368e0d335bd23fd09cd8cacdbd46781bcedc4afdcd898dc7991da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7b8410ae1f62e55cd49717003cd4206
SHA1 83aa48eba440d9ef62cc0dbb01c8054bef413cd3
SHA256 bbeacaa077d9856d2e32c6d04f436b20de7b766f6477286324dd5c6761c2fa05
SHA512 3f63258094214e0600b00a38f089f11166b1dd9d49c097dae120ba13e21b395d72922198f513c48d7ddce4b36fc149474023ee36008e93d3e9effac645de9ad8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d58cb9c8efbc130f3533f24ebab5607e
SHA1 7d667ef7c955896d575dd7379e8ba64371500c79
SHA256 3c1ebd52036c4c64a14202499cf4b5b900191e4500a43db30f34da16b5437969
SHA512 efd92fce797e405005c790b8913beae8b3d4ee0750672a7b95bed023a89f96d5b633552a588b2ca5e3790e194359d23dd71153b12c52ad6d78cdce217996f346

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3285d019370971ce0ebb469564e906ee
SHA1 3ce25af56cc3b0149c6be05e8d613eed2f4112c8
SHA256 495cdfd2e97d772f59aa98e6f2fe690a95d20a8f10a6cbb26a97e8e61d9454df
SHA512 c5242de08d8e00e65abc4060060c1f8ebbbbe0691da9892603f6406e8deade7bac71cb81d88ebc3277cd4e41451ce4de4cb08b9cb420fc0d735dc917ea0a97b7

memory/2156-860-0x00000000007D0000-0x00000000007D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 da34f4b069d4208e643bbe5904660ba7
SHA1 8fef8e21cdbd32ee130cdd5d2369f4eff1f468d0
SHA256 24271c2602a6fd012c611bab3119efc1032a4e94ff2aac598b5ad5c5db7fd38d
SHA512 3273ffd4377adc31ac025981816295253238986f6fb178b5096692bfc5feea3ac2f81bfec3a18610f108cf8bca1c465a9fd685285dfb9d3df08aa07a06446aee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_3008_IWTZHXOZOCQGTZYE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c477e355a5d3d8b21472742d657b799e
SHA1 eb1920eb4aee213e15b96b15b3e46f8549047eb9
SHA256 b12553966d9d5c378836de3c60e262882c972780cc933482c656228b0910b797
SHA512 4a0b77036a501146908719421eb29fb3d94ecd2608c23cef2d26a52a06aad6d45956efbd345b9abdb1336cab999c5371d0663b4be8a6b1f14c2014cf53128187

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\74952ad0-b776-4114-9698-d4e283d5e70d.tmp

MD5 6ba54d890d947f8f9141ab368280866f
SHA1 b8f702ada5a8877b30e8192c6e8654135a93a059
SHA256 eefa2d7d964afe515bbc3de805a5ac89968c1df8581f14faf5c8cefe66d5f5fa
SHA512 d863af7ba65e351bf754890e081ce025dcb5fc7b82b788ed80c3ce578897d4bd1320fc79eb9eb6cb6cb5e1cea32a8db4d64737a25b3dee55d3ee9a750917872a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 45191f6c05d47148e4266d7b90c014d3
SHA1 0a84709f4b06ac1beb8513fe62e4966ae0d764b7
SHA256 0a340e44fafb55868a809d5785809ab05d5b55ac447d869da8814eb410f55170
SHA512 6d6832cdb5415af5594e9108b211030d36e71ce3d2b3cf5307c8077e30a0b803d4293a1a9d8e3944d76c3d9d35576868aaf058a6bf3534de8c91d3e06c65d02d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 30f329f543889a601b32a825e08cde14
SHA1 70412f1cfc42fde6fa1336a8598aab350da1c7a3
SHA256 fd8b4303ba0a2c072a2556141b9c1f3519db3854f8d08158b931610c6e5a65db
SHA512 cf525a5a0165e46bd245119845ed71ef3ea4ba7f83d242706d70ddfe50166bfc9fc3bcb42a608db653fe682ad21cfeb6048f34b7279feb5e8b35e48fc952ad6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 9b74770c85b0ac59c8853e071a1d131d
SHA1 c987cdcadbebf74c34978fb913b8d5afae8f4a78
SHA256 cca8de5589016e7b9b4a8a26bb15f02883c487f40bdfcd6478c4c5a4eefa0d1a
SHA512 6ea61593b5df82ef0bc5173b88e677ea07d45b29056f5e16213e5c830d4702fb70bc1b2d9832dee1036926e2b3e7d59297ef9819e19d6d77ffc74c6cb4556a39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 e0038acb3c18dbfc7685e6898eab338c
SHA1 2fa385fbbbdf7a22e2c1942dac7ffbf6edc40486
SHA256 0a3301cfaabc41b7072ffa2a898200e232fdccbc6a94fa1ca54fd1dc017733ce
SHA512 24459b3c5b656fc966983a7283449010b7c69152ef74113b5ea4cf0072d80ec4bbe6ace06416836b93c078fe724495ddf02b4ad0783f12b1f1a5bfbdc8f13eb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_AEABA588E6477F0E580262E53F2FE416

MD5 3fd2b40a253f7ce5a3d2024e06dc2e2c
SHA1 43f4420bfe07af4e015d7344cbfb3c95a91f1647
SHA256 4b55187f34a0b4d206bbfce27a2903a076988530661e336d17e7b830535358f1
SHA512 be0d81608d8d9683f28b8680336a03ac1c87038c9b3aaa5752ab606023de2403b413049a54a17d68da4a250ae823998cae0fd5d44bf75035384eab9817f491cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_AEABA588E6477F0E580262E53F2FE416

MD5 a102b646906569b7b1493124802399b0
SHA1 a0a0672701d107c8616c29d8c9a6b90346c248b9
SHA256 32477d4eab183be9286b0c5981d0c4a04e89d0c52323a9acad54ba2f2896adb9
SHA512 0367304ee0045dcda344d0adf0a6dbc411bff054ba5e656e24b419d5d0c739642dc857a2bbc5b27400d3eb8b1aecf810eed8dce9218a147ff4acc02c7d397987

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 681035f6565510c97d77e12c2c04b741
SHA1 f34773672793e662265a36614f86e368fc258bb7
SHA256 cd3bc1fcadd72f4d1ed387aeaa9647f8c25f0c3e4dbb816ca046026132db859d
SHA512 ac7e13daf91add8f0ad9bffc7bc618fb4e2bf69be847916795ba91a88b738969868124455437a6d0abb4f00c6ca6937c3d67bd4054eab879b748c63eb70d5007

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 17e10d299c00680a0da77fd0ff1ac6c2
SHA1 af8e701501dfba72944f64e17ac4541477826651
SHA256 5f83e23aa60afe7c028f5a35fe07589019d4ba85ebf201ac5d7f0256b5b72369
SHA512 3427221b7817b78b518b80d1464146d9306414b023e68d80c4c68b8e318e53f818742301c25df287776b8516ca9f55598a00bde7a6498cf393027623cb537404

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\pending_pings\63000ed4-0daf-46ad-b536-76078bdc7192

MD5 83e2ab5afe793e6b1405daeca075daa6
SHA1 08dd6e1f7142ffaee0de75fada8b2b7e33723701
SHA256 2ba06dde8aae344c61fb3b674cc04e295f3433e0ba854ae4a1cfb2b6e23b0f63
SHA512 2a6cebcff4511ce9da84b1d0ad738d99c687a1d6c82e3327cd6aec972ebd387a303a2a53a30176de94184efc3d16327886135bd7479389c3919745f281102cc9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\pending_pings\3e21c1d6-f223-4886-ba74-a21b8a0906e8

MD5 1868a626dea263185684ea3b13ddca27
SHA1 62d378f7e06551f4707071f66e14242e5947d85b
SHA256 d304d53f39f7f8d37e1ca1eac21b548b960fb298e82319a652ab9194e7cfa955
SHA512 8a75cb8583a51e00eec54775e86a8488b14ad201efc687d999a47eee39a4c63609243f0ceb4e7509036a01078f78d5d6a579c4050845becd70322a1222ab290e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\db\data.safe.bin

MD5 c99f4bbce79074faa3a690be5f0c15f2
SHA1 4a6a7545a36006fd5e745bd8636a552f4b41af8d
SHA256 2a9f258d037915db4a58c21be4a6ef10d67e8883e861363eda5a91548e7efa64
SHA512 77bcf018e84352911d66ae5a63fb847594bcac9a9210d37111c49c2953427aa9152177f3c22d08dd56e1d01713c4b12bbecc8177b4d13d65a7fbbd65a07b5104

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6bc11c760679a04a8e63abee3e09ff8e
SHA1 2455f1176b7167374f98daac4d08a2d4995f1c66
SHA256 baf1a6ef580161c4df2bfa5d7b5709270d0a00c387596326eb990ca6a5dbd2dc
SHA512 c0ece5ed32a1870762ba81d66e618c54b1ecff53f1196756de9b11e3d536f77c6e05c8240a7ab25aba23be08034f287fdc7cdead1e4d7b2145fb8c942e5423be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs.js

MD5 bcd1733b6cfa5284413305b4a1a64cde
SHA1 a5bf595634069f624325831d32377ad9a83b76b0
SHA256 1d2ffbf73f8f9ddea2fdfe046aa04c525443da2b4626fdcec52f49453642e1ba
SHA512 28012b0ff003dd79ea29604b8708267c9490f3a745519d36a26eb9e38961f7ff3290b39d07dab86109b6101529a6c7c7fa57c1d003b226a5bfae9b67b3f5d3b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs-1.js

MD5 da0683418656e841eb6268eebb188881
SHA1 857d137755dcbf0916ec221d2f87db777c258d0b
SHA256 ae3de69f5d0b852c0ff750560cd9985b802ff6b97e6297ad493d72147c8b2cb1
SHA512 5814e7d0dafdaad032a747cb389943ce9ae301bab1edcd07dcde93e0f939566ab0b8b63581a44530e80245709c327ab8d9d25391900025515ede75cf76d7db6d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c8dc064bcf134ec26532fce3cf08a2eb
SHA1 423630dbf83febecb4e25f0368cac1a16adc2bd4
SHA256 99ececc66ec540f4b83ec414ac574be54eb2c0e79f160d88cb94aef484656c95
SHA512 0fb8707c278426f58627de1f712f8156e594875706c3a6081042ed132652a3056c4beed5b9ac3b5674febf2f0b6a902ae5f1d56872baa0da3b035c6c32324f3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1584c3a98915bc999fdcc971fb908546
SHA1 7e79e4d309f39eaafd4225d19f8c2aa09a7bff12
SHA256 814ec53d0e779dd74e86b7144d3d62a3a00eb4d08e4f6faaaac190690406a47f
SHA512 df7aeda8cbd48acadc69f52efb89be0c2088e7c76b592fcf0747afd3b7400cdb3157a3813afda9ef18b27e36a02f3e8bef1128d2da5e8df8813eb25c29dc5402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e437.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{7facd23d-de0d-4f4d-b44b-d81d320c7d91}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\idb\4280842152yCt7-%iCt7-%rcedsbp6o.sqlite

MD5 569579bbd7a5670e429d5deb7d83e31e
SHA1 7d1fc5f9cde88e4e26d0854756245e39870fe128
SHA256 4c56c9ed78a7a84c321e7f90f6b58ae097bfa0eec9fb7913c9b3c0d06c7dabec
SHA512 cfec6339f2a058f9892712e73916db3979911387b4a37ab228c9910ba1fbd8abe3da63a77510d3719e99458a9d6abfa16dc6a1ba635cb652f4d520985e650560

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2df47b4185022bf1b8873cfdf74fa7d8
SHA1 0d812b9b22a2826719313d2dd4dbf98126718b13
SHA256 fe475d63d101062919b18bec2961db61bf02ef95ea5fc1fec094274ecaea29f7
SHA512 2e302c2c1bd76e15f4672df395dded035c9e32f5e04cd630a62c465be1ae9285401cbf87536688c1cb0c2ea68e86dcd0583080a2922dbeff616f000838354426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf32e95d7916b06d54f3b59ce70b0a44
SHA1 710e7d90169d8222d1b8ce923967f7544413703e
SHA256 92ef47aa628029a98b108a88a7562b2c9df4977faedede2ae02e30876e175333
SHA512 c319309221a91a808e1a049abfa245a1d84932951dd01ca0f9320d622cbf0c2048bdfb89f106112c0f18f39a1924e327fab974f9d65730aa2394a95a168e35a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5b90851927016e8055bf1c637d7affb2
SHA1 6bb427352ae707ac749f41271da7c9a0eb32892c
SHA256 acc08be345cef9b44128ccfdf83ae39c1af00699aea40e84e2f8ce3ad350364d
SHA512 2f0513d17bc1ed9196d0a5bf02af1766a3c28767e81a4f319cf3ce1185665a6f24e95ad98c69f936130e1b7e9fd9d84d3b082a7377676c0c694938566bc7f3b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 6ec36b802d8fca6ca5d4b87129cbf3a6
SHA1 b14a7f27511c427239fdde7fb7ccfd1caec24cce
SHA256 df09845397ba57b69c265b932beeb5f381f96e23ece7573138e679103dae4dc2
SHA512 a222d976cbabbfa8647c9893e6edb85ce642015b921531c5e53d09576695e18684e74a7353f4c765c03dd33d09d8524e6ad8dee1f017a01266d67f58222ec061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 bc40432944d6a93cdbe333877db9ca6b
SHA1 fc02f2f57793730fe173104f56686a859137660b
SHA256 3ed86d8aecf5ff45cd0e4c74121ac2d08f0b058dcd7e3109e174e43c8718c765
SHA512 37494759996d8d891286ceb1e22ac489bb37e3c64869b492a41e192639279e832a35b1390af79940989b0b53bd352bafd65bd495e17772223c61bb7e04422b3f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs-1.js

MD5 d03298a55e1f9399ed4d17c4c10e2b5d
SHA1 fb6b2c1f31bc17731a25b19ab2dcee2147a18020
SHA256 79499ec77808f645c7c701e9e25da66694e7af9dbeb8496edee0a2ed6dd30151
SHA512 911b047b9294a6ba74e48a0daccc91142c7521a759945289b49f821959b2ad1f2d040f1fd42c689c430aaa82affe1b570d7c4370655235904479706072d46855

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xm25i6ct.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 9ac204bdf7a3994125d70a4819456195
SHA1 a50cd0c4a0392dd70f557f9b5eed5fb33ede1ba2
SHA256 5ee6d0d24849e8e7f8571b1b7fde28ddc0235542bfb2f0ea5c23a9d7e2f90ec3
SHA512 fa24d2730beaae1bc96aa468e5e535d820c848145ca5d75d5fe311bec49347d897fc876ac535d8eed8680e6b0bc4fc60f0cc876a0f9e3ed392d267ded4df7f82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a5531268e642b394a6f39a4f3394f06f
SHA1 f76b7bc7f7f9c119210ef8e3362bbadf38fb902b
SHA256 26a02974f968e606c526c499cdce2a1d50dd1cde7112b1d102c86f4eb866cbfc
SHA512 f69cd01bf8441286b02e8439ae8f9b3d88f396bace5809e94d4d480728b23c3b5db0d4034c7a35dbaf149d727de71a7e55a23f6904f0ff4b51df4daf1460e586

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c632d39f36794bfb7ad433afe1928a2
SHA1 88ff37cdde93ed489338d3f2736c3cb6a3549a71
SHA256 fe1e1879eb617914a37c5cf33837d45e3a3bbcd10f6c9bee69e85f6ddb526a1e
SHA512 3c910f25492eaa370aa72667ffc0d4ed21943778769d634c376e549a034283234d2c01a6600b92bf7a8a766c97992c88a49806c6c14c5ffae79667c96ec72c11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b73208b7579ddfd2392cae7aa082cc9f
SHA1 2d9a0613db569632b0ed14ae6df20428d682ce9e
SHA256 d3254733bba13e8bff2ab165213f39c88b0ae56ef614e0ed001552cb8a8cea5c
SHA512 4e5640592f1d5e0b5f430b4bffc0eb2372e8cd9f3dbe2a8c8e0859929789b7991c7a75c29fbd8446b3569c41e80d3f4f6f27dde7a4c59993d59d663211dbcb9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\10\{8eaf1b85-355f-424c-954a-304853a76d0a}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\75\{d40b2787-dc24-4d06-bb8d-ce7bb54d754b}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 826af3ea648465559ee953ecf5b760fb
SHA1 4180a8c2ae41465ba8e80d42e7325fdd9527b4f8
SHA256 bc58c4554a9df2cb8c78daf47cfafcae03604e25466c468fdcd0b2d8be9e06fa
SHA512 10cfd1d4db4d139a4927c6a8e7d8305bdc04904a9707cd4ec832c9804119aaf642bf75225779da44a355d641f0252aa24e93b6b97891296a7fb7ca2bc6ae33f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c3e42fb9c349344e79d04c7309f351ef
SHA1 705ac598d3e27764abbcbd93c14968d7408cedf4
SHA256 7903416e4fcce8fdac02f107f426054b5616e6836683c5fd4b67ed47d24f5d06
SHA512 ab932639bce81e443d149e744c898535a52c75889f27ab1080b3fd830cc74f11a844190f51accd785698138968d907331bf906ff1bf59b29e002a8eabf9576c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2687706d0b09c389dbce141710091376
SHA1 24b3ca71729aa806225be81849140bedb9e92b91
SHA256 b29f4b7687988e4c4bc91e7f2f5f0282eca4731573c2bf258c0eff8afbe6c5d7
SHA512 3568919a62460863ba9630c9dd49a5a9e60eabd09bd716261989a81fa3aeda498c14c3ba8507632d5371648ee1d7f123121cf175942808124f93d230f3eed3f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e40fc46cceae15bd917a61637422c098
SHA1 157ffa8665ec8656070121b6b7e764c9f6490af7
SHA256 52b858addf9143a7c2a1cf858809391faeabca1dfa7df6189e6675496a2c2cee
SHA512 4980ac78d2b95065790b83bec1037e08b284e7994e8aa9dd0687ccb6070e911eb916ba0321b6efe7b030602b1e3b08789080b1ae46d108770004e661014b4bf2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b78456221aca616c559fe01c592bb9
SHA1 aeddac89d02cedf053bc5a2234abe3c50cf5da5c
SHA256 48304c198cde654ee5e44badff2fada8a8c8786d8c4edbe3eee542cbc6726486
SHA512 8fcfe0d9c7303844f8fda7a567133335b6cc8dcba7d0e19900b66528d3c18c7622e5e13f0b299f08b9285765b0f16528bf26b81f7383832116968596be1d1957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5fad54a62bd38ead2ff58a911ce130e
SHA1 ff7f6cedf899e0b4c0fbd810a802e01b4594b522
SHA256 da34b3ae992f38fe9a897dfd1f309f894dfb0746764df9f994352b8f354bb363
SHA512 f02b9f73eb95c18f9bfd9ef82b37fc823a5951232923bd484e3f53e59c20936678ae9c348febce1d213af226f9207bf81e2d180e3870e79f3aa17da74f318010

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09941d6355b64f77a6d01fb20a2c7eac
SHA1 4e16d1c8660f4ca2dfed8b0e7981fbbed5f48e3f
SHA256 24890856c9328b33616123925c22d4e868106d059a551b9a408774c8c9d7a37a
SHA512 1b983a47f70ca51a52ab222ddf64f638e5b447d2881ec662b6f11e460745d207e40e081746b07307fea2011c82216d4ff6e88923bd85e20970079e373a3715d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d61f7fab8c0e4e32395354cd482a5a41
SHA1 317029d8eac5f03cfcf30406816a5597f9834701
SHA256 717acd7f3458d3f5fed045f1b80959c5718aad266df9537e7902e26e4e8e40f6
SHA512 9c004847d587402df287e868e41dfc486ac66e52a0fe27cc4a22b3522d03a7d44d77f25033f3d42c7a2186b7f5a4d8a5664eb68ec78fe98892b6d0ac8e99c1bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99cc439c9c365d3620ba0d561f61ca99
SHA1 b18aa6f75336821dd160fa1d1bba56a525fb42b1
SHA256 a9df53aac4800447b6e04390c93e1875f5b191c777e9b49fdd51a0505d0a9778
SHA512 e5a89f8e929da71c87e1ca996343a9910adde4c1ebd62b24bffc08a8e4e33143aa65fd349a2ae61da8ef362ca06cbf137d5c15b76f268a063c10e1bce382f9cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83581eb235df29bbabed370220f9fdb7
SHA1 4fcb69d076cd6714a3ee79a0a12bab2a7ad5753d
SHA256 d10018af536614ab386aabc7bfbab22271c8c471ecd86801b6b4f912b3374acf
SHA512 bc478177eb400667f8e77e0a63fcfc6b23943f3618f7c3af0399bfef3c853fa5229f6964d7c98dc14af75900d008c3803e24c6c29c719e46cbd0bc29f081c5a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 627c94313a1f999045fd099e7ac569c6
SHA1 471ed737a0941eb7e230b8c10b293314801ea85e
SHA256 a324d135034679a00c5eb025bf9fe8ee114f0d3bb871e4c67ab910a7ade6433c
SHA512 c25f4316cf2c865ebdea5109313d55450daebf63089c8c78fc13088d0bdc13c1c10f28e98c68b41935b0eff7e997e5cffb6121b164aa03aef4b18424525a6a1e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs.js

MD5 5333ff96203da33fdea31175795d2ed5
SHA1 8f9c42915776ddb53c35d3b51cf3309b905033e1
SHA256 1558d260b7de46a85c1594a1434a18bb54370a0bfe43b7cbdb6890b1e98aa31e
SHA512 dd59108698b523c35a3814191c70c3ecafddbc37fd9af816357185097f3433a93128dfbd1773e3a4dae74bd5bd8166a184fe08f88d62f9af3aafa54564217c20

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 751caf3cefb4dc702e0646acae263811
SHA1 136dbd7967c4822679748580a86772c1660cb900
SHA256 921605c847ee00fbf7770ca7eea70291c3124056884ed271a7ff129b6bec9a36
SHA512 5ba6611dee8e8e30e71d8720548cee7496144f3ef154944bff2b7544acd24f8307f6654480da14ace9c1a4994e19a8a0666e27b81a5d3ead64e2bd8c40a82aed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28357f1cf61d84ed77e05cb0d8b5e4a3
SHA1 56baaeae9a67de6ba1816f6d8c7aca678e70a1aa
SHA256 bd688dbcf6848635ccece630648bda2e091750899a6ff74594d6766a7f8aded3
SHA512 bdd3060b11f7cd36e76d88f8f556487855200a199f9f371ee953822b659db5106ca3271429850d1dd9ef81d8d3eb0e1726a2f1eb3745826b4a6f55d050f9e3c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aecae8b531593b2be4e2554eff07cc15
SHA1 bcf4c2f99cd33ffae30240308ce119becfe61338
SHA256 2b5165f494a59e8c59f93e2dc85f227be923dcc978c90d66aa724a87404c305c
SHA512 9336dc56dff92e971d52014a2573dbb40522bb3667432c3c1aa5f7a126ea32cc85610f4242d93cd1661e235eb0fdfea6fc1485ba6c9219f3932ed8a1144739bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a84d0d78b0e93d9aed0833e9c28cde2d
SHA1 30129112fe177c7ab37a16041b95d3cfb23aa2af
SHA256 3d1c233d9b2bc33fefc4bdfc53bf749a0fc87f57b05f6ac7a782f5c928a75799
SHA512 581b20cdd3fe1a1095a6227bdbc563682ba4ee6bd2cd53e7edeedf51665a3d8d8e99555d0405d707d6d4d82a59776f7d947185d02e69a22bef567d178237e498

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e89ca5be646e33be079c2e8c980f4f5
SHA1 af833357c8e5284be965071822e20b011ef26793
SHA256 024a8a968a18e5a3782ab338cdada99669dd2c39756ab21f6408045f912b2ccf
SHA512 01b87fa7bffefb3c891dc34da8b8f9f25787b19d77cfb5af8596a7480fdeb524a705e6721f3901601aea483569a8a3f91c3e50bfefe3b71c9929ed219d55eeea

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c82540908581fea5d91cf474ed8c7f57
SHA1 893ccede7b89e1e6e78dd83b7338b953c0b248b9
SHA256 f28760cb4f623ac6423ff906e50e30e29633b07841aaaa63ce91c6bbc6fbe83c
SHA512 a63afaa4662e40efa7ea7e0b2336f09f335d6b82b526afc85daec0a889c86b1a5314bdbf202537ebf5ea646c706537b28f12a4637600366d96cb744c4f71830b

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-14 04:52

Reported

2024-02-14 04:57

Platform

win10-20231215-en

Max time kernel

300s

Max time network

314s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523599919128406" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bdfd54b7015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414667922" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d67106a0015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8aa93fa0015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3044 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 3940 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1464 wrote to memory of 2936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4192 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6052 wrote to memory of 5204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6052 wrote to memory of 5204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 5192 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 5192 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5192 wrote to memory of 5264 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5192 wrote to memory of 5264 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5248 wrote to memory of 5320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5248 wrote to memory of 5320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4192 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4192 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4252 wrote to memory of 5428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4192 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4192 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5424 wrote to memory of 5500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd03979758,0x7ffd03979768,0x7ffd03979778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd03979758,0x7ffd03979768,0x7ffd03979778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffd03979758,0x7ffd03979768,0x7ffd03979778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.0.78146239\1794977938" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1580 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef5f8bc-1e99-4078-81d1-c84f3c5397de} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 1800 241a65d5558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.1.279353019\428977495" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a6291dd-64ce-43c8-81a1-306f8cb4f637} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 2188 241a6504758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.2.1585346074\1594603039" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {599ea908-d495-4892-94e8-27dfa803a6dd} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 2848 241aa4ced58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.3.1324530955\109126868" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13a4dce-cee6-4944-a266-6175b34228df} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 3472 24194061f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1848,i,3802805019558724415,4358631099685121288,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.6.1244918233\1747964944" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {728eb8eb-529a-442e-84e9-393bc57c2456} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 5048 241ad079858 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3396 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3816 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.8.2037422324\175930645" -childID 7 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc2326d-316c-4237-8965-4d236801e7cf} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 5436 241a7c07b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.7.1346793451\175207023" -childID 6 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bf0ea30-9399-4eeb-ae86-019ced2f9346} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 5148 241ad07bf58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1864,i,1636500314241857419,2954952874386684948,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1864,i,1636500314241857419,2954952874386684948,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.5.1366960627\175020329" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d86bae-2d9a-4e4a-99e3-91a5271c537b} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 4872 241ad079558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.4.245099896\1933203788" -childID 3 -isForBrowser -prefsHandle 4700 -prefMapHandle 4712 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {619c35c7-b2a7-4e7a-8eae-56d1fff753c0} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 4680 241ad07aa58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1848,i,3802805019558724415,4358631099685121288,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4736 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.9.1870700223\1247997388" -parentBuildID 20221007134813 -prefsHandle 5960 -prefMapHandle 3416 -prefsLen 27380 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8349a295-0ee5-4dc2-8301-5f109b0b6cfc} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 5780 241a687cb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.10.665530198\797738348" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4860 -prefMapHandle 1628 -prefsLen 27380 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e5ae046-0b52-4109-9d8d-c6f7368a964a} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 6064 241a687c558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5428.11.1431305154\2140840429" -childID 8 -isForBrowser -prefsHandle 6300 -prefMapHandle 6296 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33a4782d-ddbc-4ead-996c-8fcf56b3d904} 5428 "\\.\pipe\gecko-crash-server-pipe.5428" 6308 241ad44ba58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2388 --field-trial-handle=1820,i,5330182704628376741,6806938379402530557,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 www.linkedin.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 rr3---sn-q4fl6nd6.googlevideo.com udp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 173.194.24.232:443 rr3---sn-q4fl6nd6.googlevideo.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 232.24.194.173.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 134.162.125.74.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-ntq7ynle.googlevideo.com udp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-ntq7ynle.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-ntq7ynle.googlevideo.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 rr1---sn-ntq7ynle.googlevideo.com udp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
GB 92.123.128.161:443 www.bing.com tcp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 230.109.125.74.in-addr.arpa udp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
AU 74.125.109.230:443 rr1---sn-ntq7ynle.googlevideo.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:50984 tcp
N/A 127.0.0.1:51031 tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 48.192.11.51.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com tcp
US 216.239.32.117:443 beacons2.gvt2.com udp
US 8.8.8.8:53 117.32.239.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 227.184.250.142.in-addr.arpa udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
DE 142.250.184.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
GB 172.217.169.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp

Files

memory/4604-0-0x000001D7AA920000-0x000001D7AA930000-memory.dmp

memory/4604-16-0x000001D7AAD00000-0x000001D7AAD10000-memory.dmp

memory/4604-35-0x000001D7AB3C0000-0x000001D7AB3C2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 b69e449751c9a14a3b6a34c0149896dd
SHA1 2449905a2b02c86138919042df0beee9643179ca
SHA256 3eb5e6c7679ae38923d6501dff52e3baa624d1c4b364fed86ed4b7c6be4d118b
SHA512 5b5b0a0d01b9de4d845ee88f2755f8d3bff91bcd209a992115bd5a63041fbd94bfc3452159b7aaea3bf0aa9848778915040c190ac63f8d8a118c391e2ebeeb8f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 6a5acb273ff201076159b939e9eb75b9
SHA1 03614f2e653d2916017f33d647e1694a3caa44c3
SHA256 f93afec43df9fc06ed38f0bb3c4b6a81ec451d5724cc035aae4c0f28c8179f8f
SHA512 a3ecb712a5a3ebed291a66a10767a220fce1944e1ccd476b12d340f88475bc87bf4f66b0e29952b9c4f12c4a9c70a1ce6adee83845f4cbaa3347afb35aed8b22

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 796154ba60669883ff323af921535e6e
SHA1 09bfd2d1299dc11fb33242d6aa51a4cada63c0fe
SHA256 7d00d5444291a682e6c3b57a07d2835e76782d823270f13c20b536ddfaccfc8f
SHA512 31dd500bda0c06ad723e5504d854e03e235de311a6e243c98f10501c50bf2b04b16a517f0b434a482a387d8552edda077f33ea3f92b429765a1e714517b16818

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb8dcd8eff65987e4b4ed16cc38ed8dd
SHA1 2132149c91aaa6a8a90045c17f8ff46b3688fd0a
SHA256 5ccca3ae611bab192afa35d4e5ae53a1fb5d2751990c2c1138a38fbe128a03cd
SHA512 9b4317b3719e57b0154e224fe4983372f1361d4e8a4764550d09307ba1e6024c898a90c1f3992a87124741b97a4708548edbd4298a305bee0b6128ad1d349332

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5705e4c1ccbf87164c19189685b6bbf8
SHA1 da3cf1ff496a4872cad4acdd1082d65451e97a3e
SHA256 ccaee40e5d1068b330dd9a478d1cbad5975e664db8a78b55d7ac22c7928d362c
SHA512 0b6549d45efcd13f3f986d6b7bc9380dc3c1d6a8edf4ee3add5963fc2ae35a94fa408bd623d63c6333102bba810c62815ef7561ed1a6856ccc2f45dd2552d553

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z1G646RM.cookie

MD5 41cc98d335d19a834ef193beef032117
SHA1 cb534199516684c9d15141a8b50a7bf51526cd9a
SHA256 690e5e966e6a7557b517fafb71bd66eeab60eba98a9125970720ae769f55f840
SHA512 93f9cb9bec86cd5c7916ff9fef399a9dcaa1bb8bb56347a49a26c5dc62dc8ea1d846b25cfd5a677eb59ccb26d4f55cab6e1b91c43de9e41c0f8290af51a70ebb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\R7RKB0ZI.cookie

MD5 dacb0fc57256467afbe9b8e13be85355
SHA1 5c1b49ca99cda96fc5d5966a718915d4a2262cad
SHA256 6c8b5ae1b98fc461695a8d84ff013abad1530cec8cd1a414c62bbff10db04bda
SHA512 c430cc3d4d84ffd0740ee733e7d3ed034887be65ccb14da4ba10075b4a9e8e494a74aab606b990a6c866ac51afe3ee5ee93c09c9f2332940240910d4dcbdf9f2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WE4S36OO.cookie

MD5 fe857b7642014880b35aa33f5028503e
SHA1 c199a1a2e9b7a1ed3c35336ac607f66fe7b4c366
SHA256 963e53dd3a9bd492c171a58bd0ce74cbaf289a136879fb3797cca94da3a67f94
SHA512 3af885a782926eda57e4e67aa13a5b96c595e66e84398cbafabc88a0f412ebcfb4dfa3bfaafa15212abae3c7f27576fab8a9a55faf16fa5f3b9d91be0abce4d5

memory/3044-169-0x000001D3FD670000-0x000001D3FD690000-memory.dmp

memory/4068-170-0x000001F0ECAB0000-0x000001F0ECAD0000-memory.dmp

memory/3044-228-0x000001D3FDC80000-0x000001D3FDC82000-memory.dmp

memory/3044-230-0x000001D3FDCA0000-0x000001D3FDCA2000-memory.dmp

memory/3044-233-0x000001D3FDCF0000-0x000001D3FDCF2000-memory.dmp

memory/3044-237-0x000001D3FF220000-0x000001D3FF320000-memory.dmp

memory/3044-250-0x000001D3FE200000-0x000001D3FE300000-memory.dmp

memory/3044-247-0x000001D3FEE80000-0x000001D3FEE82000-memory.dmp

memory/3044-257-0x000001D3FD300000-0x000001D3FD302000-memory.dmp

memory/3940-269-0x00000179758E0000-0x00000179759E0000-memory.dmp

memory/3044-278-0x000001D3FDCD0000-0x000001D3FDCD2000-memory.dmp

memory/3940-258-0x0000017975460000-0x0000017975480000-memory.dmp

memory/3044-289-0x000001D3FDE00000-0x000001D3FDE02000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 80f7c82a8c19395593bf8fdfd77e6b3c
SHA1 5beb25c739b0238cda2b50d458c146e1b12a2f62
SHA256 ee1a961015777741ccb0fc22524937b7686df21f0d6e00796394b773c2034a1b
SHA512 b074e3a9dbdc464ca469525265780a059f0d583f6e489909c6daa980ab06d0fd2ae735aa06dfd2e8148e6c40cbb043a314426d25a191d582893d132daaa252c1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 4e4e1075546919da81f0aeb63789edec
SHA1 67bbd22ac83e280a6ad517e25a36a87b0fbe427d
SHA256 98c8a4970f76f0b8900a0f52d2347f103e0ac1cc12d74a750bda9ff8e2240086
SHA512 354c5d548a01640d1c1a4051692086d1370ac7a86b9f390b5d882a6df724789e40b84f6d3fbfc5462a018fbdb85dcccbbaded5d1cd131e3f0f27791af8025763

memory/3044-300-0x000001D3FDEC0000-0x000001D3FDEC2000-memory.dmp

memory/3044-306-0x000001D3FDEE0000-0x000001D3FDEE2000-memory.dmp

memory/3044-370-0x000001CB81BC0000-0x000001CB81BE0000-memory.dmp

memory/3044-374-0x000001CB81F80000-0x000001CB81FA0000-memory.dmp

memory/3044-379-0x000001CB81FB0000-0x000001CB81FD0000-memory.dmp

memory/3044-386-0x000001CB80540000-0x000001CB80640000-memory.dmp

memory/3940-466-0x0000017A765B0000-0x0000017A765B2000-memory.dmp

memory/4604-474-0x000001D7B13E0000-0x000001D7B13E1000-memory.dmp

memory/4604-472-0x000001D7B13D0000-0x000001D7B13D1000-memory.dmp

memory/3940-479-0x0000017A76820000-0x0000017A76822000-memory.dmp

memory/3940-484-0x0000017975660000-0x0000017975662000-memory.dmp

memory/3940-487-0x0000017A76830000-0x0000017A76832000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4O486639\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BROXA58Z.cookie

MD5 cf35837b615ff33c667ad6b818605ac6
SHA1 98a168961098c7de3fb6ed83ffdf45250f925a5e
SHA256 feadaf06c17bdde31fd1a2a27bf0f2abe5b1ac6fce6271f51829a2887467f26b
SHA512 940d65540f0655363022aa8cbee277059836e26d41281d094bdead4745c24f63d388fcca885900842c92475c633788fb2752393f2304640775d13fe3d2c827f0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 1fd3b80487de665c501725ab3399a11e
SHA1 7cfa05b7d77ec05f10914469386aa4b3ad0a410e
SHA256 f21026aff252d15d07429bba0d88696485096cfe0ce1ac6666bc3bff34c3569e
SHA512 2c70935a97506f3cffd351a378a8661bca1d5e26683ad0d4fffc2c4b01786b0d2f0c6dace0181bad4c79a1096fef3944e7042abf49b6ea644940a78def31d17f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 45191f6c05d47148e4266d7b90c014d3
SHA1 0a84709f4b06ac1beb8513fe62e4966ae0d764b7
SHA256 0a340e44fafb55868a809d5785809ab05d5b55ac447d869da8814eb410f55170
SHA512 6d6832cdb5415af5594e9108b211030d36e71ce3d2b3cf5307c8077e30a0b803d4293a1a9d8e3944d76c3d9d35576868aaf058a6bf3534de8c91d3e06c65d02d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e0396fb5669800b4c4a3094ba14e259f
SHA1 21583600cdd72bd2134250e789afd4257f4d9f0d
SHA256 187f9bfa273c6ce72090f5ba0a0fb1e8152ae4bd3186595ba53d585cc17f0a5f
SHA512 42628f567e3b944c6d1b5d9a899184655df1346fd47723b6e3426ab619cd6034cb3f60de211986c8d018dee003021eb7ff9a15933490a237460772a8652fa33d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\xaz75fj\imagestore.dat

MD5 c229e369926d174e7fb0d23bf625fe35
SHA1 4c3f1d7bba3496e9c1525207c27f3c60a30b2854
SHA256 e193669b738b8b93fbd0eb3d316eda2698910e85f7ce5d124b36aba263660f09
SHA512 ada3a69545fff264df2d1e94a5e0eb198d698e951c1e85f9a14b38ad46ae51a700ed95392db5b405ee5efedca9b04398fdf40e6edc8ad364426221496a27cb10

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T4VW1YU4\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

memory/3044-628-0x000001D3EC8B0000-0x000001D3EC8C0000-memory.dmp

memory/3044-629-0x000001D3EC8B0000-0x000001D3EC8C0000-memory.dmp

memory/3044-630-0x000001D3EC8B0000-0x000001D3EC8C0000-memory.dmp

memory/3044-631-0x000001D3EC8B0000-0x000001D3EC8C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SSI70PK5\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 8672f2b72b88e9cbd7a54c4be1f92c48
SHA1 592e831ade6a49038005017d885f63fad65b113d
SHA256 4e2b990487a8eadc49a9eb57106fa2661420d56cfb3a31f2405ac41274169736
SHA512 ddfba4cc4f8a8259010c306fdbddc57fbe58727c9c079c5692dcf5785303a1c3838fad402d55737d0243a02e5edd7e741ec6aac6e9895e2bd981802a8ad4843b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 1740aa03ad44d6e5e492f46391e208b2
SHA1 ba48ce99badafc517262a91e73f69aeac94104d8
SHA256 654fffd1e71f9cd8000b54ef3b1f90942581045b09a6c697aee80f1fb18898f7
SHA512 f21fb1ad8f68e1a119eb03f733767f8d557055d7339e3bdbb86e467998547c64681ba2b5448d228c208651150621228ec2afdb596e33837f1a5d8092d6d5a8f7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LDDQCD9V.cookie

MD5 66cd6de9afa970e981f20592bddcb16e
SHA1 cb6a688cff3d31343f44fa2367acc6160f570836
SHA256 15482a741c80f4c6cccabe32979337d301402c1e7f68e93135aab01987e48f44
SHA512 bfdd2ee3a588ce905bf623d99b878e6ee4552e3223a6bfb8a19256d985348d3fdf4d3b93d480993b270f35ec8a35655f399ea9b70b2a60fd5ff7b6dd9855ae95

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LJT253LH\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPOZA71E\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPOZA71E\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5TRVSJA5\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IWQUO0LH\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IWQUO0LH\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5TRVSJA5\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IWQUO0LH\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A72JJ1T5\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A72JJ1T5\desktop_polymer[1].js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPOZA71E\rs=AGKMywHTaWCUsKtm5JqwWC-A6Bzf1VZM2Q[1].css

MD5 21c2e08aa4899d8a1c2c7f253c8ed774
SHA1 76b33d1d8776d94f1ff19b530e860f58d6f76b83
SHA256 ad12d4b767d7680345b3694db07a850e3070237aa7d759390a3c4e2c472eb982
SHA512 7982f1088844f85a99e97d1d074c0b36437a3525ac8b5c531261fb902f16d72760d5364235a2e56182b638a8cd2bb1f8262afd54ced682a56761f459722b0f56

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5TRVSJA5\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6da3d5ff0ee9cde5bbdaf26ef9e6b1bb
SHA1 a0c2be6a68ac8d0ce594d493bb52d72329a2ebd0
SHA256 d3ba9b103546274e680374ddf3d010fe249180eee99584ef9ca85ba9c7e6e094
SHA512 7f963215a3661b0d3d24c3ee178457b5f031acdc53c5bf30f3b21119924bca35e3b7a147934b15a2684c18c8477ab977784c9d859a86f98a4a68c300f2eed9d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A72JJ1T5\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IWQUO0LH\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A72JJ1T5\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 92a43d1687610c476da12e7aaf93c219
SHA1 3a4dda66f5bd14b8e680aab8597d9252943ce93e
SHA256 d6cd22db98507c28469b80c7c0341a32500fe6bee4df36a334c09cac44a8f91a
SHA512 9b5bb7fc1c062fc9c723c8726a3ec0a5280c6bc61d866eaf08094ecfaa8d4a25c8e05790a10d6e9f5d5f233faffced86d765ab48183f8bc89448acf10a6897e5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 ba78125aa3d1ed768f44b38fbe27bcb0
SHA1 da0320193baa125e33a3cc239433b1bf3528363f
SHA256 92a617d0f60a261560b9c2b48228938bca50a037960309a9f4850c0c54148c75
SHA512 866055ae1a584efd4f0bd10ddf434579cf5cf2fd5aa90b21aa8b483b14f9b40e2c409e2e5c058ea8d7652ab7af4016b2888dfaef22bb21f3239e4941e4ddea60

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\datareporting\glean\pending_pings\dcc35825-55f6-48d5-bf3a-6441954dd8a4

MD5 940b18cbc7420dffdd6d7037cdea17f3
SHA1 b94498c627239e6862d94bbb499f1d8342b7e94f
SHA256 20a98d4d71814a5bdfc2b910fbb39ac0ff76a99451628e3de861fe406e776d56
SHA512 8b951810dbf9aa323eee1958257f85f4e7f456f1df7aeadaecf12467be3a3998a74792d9d1541c911986ad183fa02dcb32e9cbec8bdd9d1e8546dca96736a6e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\datareporting\glean\pending_pings\8e041ea7-6aa2-4a2e-b253-dd8579b92f8b

MD5 f5fbd886da2b90a5185d061d5b489324
SHA1 3361d675cfcbd86ef2971ebe03ec7fdde25772c8
SHA256 2ec301e474660d6068579f295aeb5667b462a86cecf7bb6f9253fb4993ab1313
SHA512 339f877f2081f4cca937e23526dccff33a788bbbd3213fae03ec8bbd43cdc1e2bced5d1d9a2b5e03f697e93c8a0e3c51e577493ed6464d75e8add45199779540

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ab5110044d1a9e3fcb89a630d62f6d26
SHA1 676456b45925e397e93bf7bf8a1bbe1e00008dcb
SHA256 7274a8a62877797ddffe59624330dfe339ed6b9a4b45688d4deb7f1172021e1c
SHA512 31ce7dd28a867e628341a267fae36a3ad0f70bf446f743ea3e778a2056d4f4bb8788bf1c66caed03d0e697b3f14e148478083800c176c13d85068f40bd26e42d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs.js

MD5 6bc3e0b6d833b9cceebcaf7e570fac38
SHA1 8c24861b617d2e2f3497eb99ae3749e4293f8c18
SHA256 ddceec0915166f49eed54b9e9866d0c10ba19fca6ccf0430743778784c1f8e21
SHA512 f174e30a5f268390f9c28b1a22a24e40a27469af99630625a5dc7827df673ba60b2e7a1f8773e2806a4d895435b7af5ec04bb2ada874067bb6d47ff5e1a14483

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs-1.js

MD5 409307ee1b2de4d7fdc3e0274f899d35
SHA1 4de4532c81629d5ce66764552c44e4a5dbe673d4
SHA256 ccebf9d945efbe44aea653191c48d4a136bb2bd6211ad80c2c8d1b61850bde31
SHA512 a45812604ef34b3ce9781e3fbd5fde91eb0c87d02c295cfc1e80e80f09fd239274f53039d89806e808d2e9a136cc67ed1c79123a6f1cb70f70c6174fc74aab17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 31daa921a622611ec0ee3b7c2ca60c3e
SHA1 30b4a7f55767a89656d2c1641834480daa52490f
SHA256 e536471a111d676a52ff240b6b513ab9e195d4ebfa153f746406d77401b29e3d
SHA512 b6f35cbdf470c9bffa8b1ac1d7e6e40b5380641a8c385a30a18102516b89b2884e70c3e3a589f4a03ff3b4dd18a3c0fdde3f177bb0ff5ec2c33619152a3729a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3fcb02db20d86d989203418678530801
SHA1 f97ad2ad3f8ba190f10615b9515896cda8eff2ca
SHA256 0e6c204cf459559795b8b19dd75a10e8d93a92ce6b5a5ce3da95ca66a27ee520
SHA512 7b7829ba69d0f0a483562f4f5d7edd44bdf3255999a59e6e880781cb83d88974ebdb5698604d8543a07c9687e00db6d95bee37566686996c173863964ea29312

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\sessionstore-backups\recovery.jsonlz4

MD5 003304be6358ce8b32ffe0846a1102d2
SHA1 99522793157e58079965941d6f6a4ee57f32d03d
SHA256 949d7a33f667746b30ab79d25b3054603061320c89bb771a44546936a00f5e34
SHA512 6f943f0c16f9d72875ac4008ccb32cdbf34561b3ca0ef84b9c4f235a2890599b8f6ec9230d69d00af06e1663f1bc28dfee382700904e095ba76bd4b73f2058be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 13ccbd9accb05d7b37508810f2c33fba
SHA1 0d59cd1f5a277d2e00bf260a9d9ab064c0f1f666
SHA256 3fe4a787b6ee039501fed2b1471072f9485d623133435d973b262735c0ecf322
SHA512 15428e6d27b0c1cd224c200d573e5b2ca9dd29420678d3d87000ab8beb815647886a1de00a3518603935092fe5398249a179ed356f0e68e31f7e4d271bad6f9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 a77f883d5423bd4711cccf62b6d3e269
SHA1 bf42fa126be900376bb435f54982b195c602d168
SHA256 8f75d4f58cd0950df4ab25c2ef2a602faf1137c8757c96ebc5d12a1e9bab08f3
SHA512 e4d2bdca6a96a845a3814a742da6901307e56b9f4e04757220932af1623d85c6d2e2327ba22cf0ee6b6ccb49ec7803b7ded39be00cb1cb4054780613d918fb27

C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1bddf47daf1c3cb7c0919d233c0899e1
SHA1 f67e0a974dabc0f38482e982f75884816b9356f5
SHA256 d1cd59eb0c43c0bf8362657009b5ac97ba904ae72fcdc70656786f56737e6adc
SHA512 4b5816b56727989e1db2697661b0ab7a574cdf8ffca78791bf874e9a39a9fba05084dabaaab1833db34c12c3e7de68cf7e55c0db184a3f3255bc4035a95f5eb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5192_2130950327\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8e11c91d56255f200b1e1330bd62e4b3
SHA1 61e0d71f2328e771f612e11fda099d4908a4fb52
SHA256 d70d27f1a6942b46be3268718624fedd5f27c5187f8b191283e0fe01fbcf6f93
SHA512 c36ea6cd7025a3bd7cf0eef563aaacb31ba01354410b9cb04e4fec89ac6ae01e4d6d1d871da2a2f48f5d459fe3d9495d90c15b7d4e223a52c78098eebb682524

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9be123a50e0bf14d4643b32dd9644d2a
SHA1 39a291ab9ca29d435cbdf460bb7cdf2d6cd43163
SHA256 bd7a55e9cf19228e1f8a51b7a0bf3ddceb208d88ae240baa9c4ee544bd752b0a
SHA512 08a0f12972de8b4859880984e95c0a31e9b5453b0d9a1ba58d37564e35c59c9f4c01883bc1a728ee1d8772d7363d432029a89b188b971c4d796f4a75c26ea019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585167.TMP

MD5 60f3c29b71f16a93db068fffb08b3743
SHA1 3b97b665dbd7f65b8a924f61f20fa1e0b2f2b7d7
SHA256 f0504bebfac387d2031317644f1d6941f8eeb83c50472feee922b571f5c61280
SHA512 b65704fe9d6c9ec997f1a3fa722f2ca07ca87d347b13b7dc707ba6702f0ee8897507339a6134baad3f639e6871570e7ca91f8ebb3ecb050ae4f2e06fbb2fbf47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5de3a7f99928b3e626c24393584f716d
SHA1 e59894ba557b7d33e7dce7d7892f7bd7c60d336f
SHA256 658cedac725b11b87fe3804b9d23988844b49f9cbfbbe53699896e2f12a6cddb
SHA512 1fb5adc0a92002b64438c98859b7a005e586e274b6071f7a4169cde55ee95276eba975e569240ff96e944b6e17360f72b87c9939befecf7db7140e6c137669d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bbc37c08d9a3c0bf5db2ef1acc3e9166
SHA1 9d261adabf414cd691acf80d5a17b6fac1feb7c7
SHA256 860e5361b2025d18891f83fe581fd49d4b3df76e684ad1271c707dad7d0a8097
SHA512 894c4d64aef4747c352907f7a61b53f87d48cd739729b64b1af4c33dd769040caec35cc1b37d54d3b591cd03c38d4f78638446b2afc9d49c492cdf233d443c5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c889e9b269185b2e7e5aaa42028408c4
SHA1 03d87ee43a33a4a07fd7398480b86b47b4db9f11
SHA256 aa850b0f7e2c3d6df9c5a45a9c814f24a435796e8100238994af6dfb0324e858
SHA512 ec14a2d04a59f24a4b52bd71db0bf320ba4e7170959e414ddf7454fcc13d60ac324060e9d3722fa72b2faf4a9e9812f989af47ff797bb2b47a6a8d398db18b31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs-1.js

MD5 e30a2eb75d76a11d60d2e0ceff2f64aa
SHA1 0dd0ff43f1710370d976a4098537d9d689ef7194
SHA256 47e0f8f3ddae3f44e1409eb427aa2aaabb08414ffce711ebb3d3ed14af21589f
SHA512 7444d026b489b24099ec71b6869d7c673cd0a431729df875c513e9af465740d0eb11e7ac4861a423bda2927fd627b4a3d2ab4c44792a5f2f41cb54acc8abbcd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 726347fc60c2b4dda090237b1495033d
SHA1 86e0bfc8c086771a2500bb5ed364c0a509777e4e
SHA256 4c65af530ed9f7d9208dc6a929f3bdd4188645712f63e5aced02e391de42e0c6
SHA512 a84508fef94d5457a8875d83fe56f362b3a0157f4c4a841bcfb81adbaa301735f6e9248ee49b3bbe2cbd2d6a236021567d8d34b479822c55c0700854ba31fa92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs-1.js

MD5 96183ec51e41fb1d51c58a91a0aa37bb
SHA1 2b1a987454ab198ceb7f785f81a7f613874fe1e8
SHA256 99da4b597a78e6ecec0869ed4963538aef71c9546fe78829201131a16097adb0
SHA512 7d0a0d3b60c41d7708f773fc958f6d4855d0b124f1ef4a1065c09bc3304b1e4d9bc254bcec9f7b32288d82e346ed18a54d4850a2a3f2c6b915c35b928a33b226

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\sessionstore-backups\recovery.jsonlz4

MD5 67a6a2caa745779d15a23ae9da325e75
SHA1 9c7a4282a4086c161d9fdd9b9cf71c1a6723a79e
SHA256 618d68f12719b23757861f25839114f6efce4915d18b75ff53515cb5d4feb660
SHA512 c3b08c4687e43ae3368b2ef5be46317c9921453c9de20017c443f76687eb5df8d30eddeda8185506d31c3cca062c0770319b68ab81173efd72eb89e4cf9392e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs-1.js

MD5 33c073a4c8ccb81143bfbf8e8ff35eff
SHA1 f87a204a2a3de7cfb213aa79d619b09e52c48bb7
SHA256 79b7f8522e188d9aa5251aa7c61b9cd2b86cf2156933724494e076fd5216f5cf
SHA512 658b8d00d4d5aea81f3785b8b5fa32323ff183060311b7c5978bcd2d3318b8ba428c8d738b2869245c4f53cfbf99c8595735d132c0723723713bed3f581e1677

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b8db47ca085b26d1eaff4e40c520647
SHA1 4b096634507c16295e2f9ca7263fac35a3b78185
SHA256 c4ef96ebf256b7915789575d34b92b9829e047d9556bbed5ac99c082319ab008
SHA512 4bba3bab9767f29fd97f51745d8e8b129e1efcd19a732db5f160db27a33743db8c9d634f1f34ff059564d004cd00b068595111ea6ec8e9f764930ead30655f41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 8c42d527e6e4c884333882813865fbc6
SHA1 832c9a185b062803dde754fb407a8a65ae82cbb3
SHA256 6c3f2bda4f941bc8eadccc49db4b0e416be799718e5b3700d22c5535a7697ff1
SHA512 fea11e7699b18fe33a887c5fab432b359859242d80ead8641e2bd003c3ee56a5f8b77175f28823ce6123e5e5bf494e549dda51f2d3c8197c9c9e0b5eee6407ef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9M75UD4Z\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\storage\default\https+++www.youtube.com\cache\morgue\74\{a0e1e191-6029-460c-8aa7-3c9d6575364a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\storage\default\https+++www.youtube.com\idb\1447994231yCt7-%iCt7-%r1ebsfpeo.sqlite

MD5 973bb69c198be71c48cede1644aafed1
SHA1 fb2b5f6a381a888efe045bd63b6918bb82fdda30
SHA256 0a477a2b467484dc491b5edbdf8d2151d2431e9fe7cfb58ba9bedeb79ff1ade8
SHA512 61422f2b0be2e7754e6795722176a03b3b0c111a219f1112bd3bf7867b8dbe1a39c0a040025eba71faa00fe718ca87a110fca5e232e5c8a338ae8952e91c6870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75f1cfc1e6e6d51599fba1bce4e33fa9
SHA1 c5d702a1451f1da858978de1a59620af58deaf8c
SHA256 4ef2c9ccba11d1b1fb370e58248320d67b620eabccb02532999b63022893d221
SHA512 018b8dc8fc54d452f5c61dfe158b4044f92e41f4275ea84cbd97e1ea7d2401b2cbe50a6a3aa9d8f466b2cfae272f126fdaf87c07cebc19bca5d61d9fd915fb5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d777e993051947cc75e1ded1a8d4f7d8
SHA1 9f20988add08236c896abb0976e1d706e134f6c4
SHA256 c241fb1671e70294d6472e99b0c5f8e2a24c6ef8f758f1ffe80aad5c19f566f1
SHA512 93d75bba0994ddfe06db1ba4c6b73e2aa3a0b687ec3ebc1dac509694dc7a4ae1e825ddf90a0ff67abff7dbc4204e5fe6628933f5a90483b7cdc1c036776c3ad3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f45fdb98a59bd35509d421645813689e
SHA1 88b21411c82d7668bd404b91f7b22e5de69c9299
SHA256 d9224c42a8cc74026c72a53e55ad232104dfd4a25ae3682b7bb70bca3e088ed3
SHA512 bd86c01c7cd6279e84caea50ad3bc6e74e9f2fbba9273c260363f352bab57f9241f7268c45f62fea2fd080070ba0c8b1b6f9de2478099c5e7b7c5c0fe17a5c95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5918ed.TMP

MD5 8f21dc592656135af4526cbee7129ab0
SHA1 740553b21ce37db20db7b6da220b634290499b69
SHA256 cecb758345695ffd5d7de99a800d01fa261915314d8927ee622c86c043ed747b
SHA512 fcb51a7dc7f072dd1ee5f7139ba304fba3656b0f5bec154c1d7c704f8958e1230b50dfaccda6e62695be26e13776c2568c2dc45f4482bde39ecb1387aef85c87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fae6bb6cf1719d5d795a2ab79502ba0b
SHA1 c430f0986c021e563ef2b932b39c3169a301584a
SHA256 974acc7a373038899312055563b1b696e3e6e3a8e1cf23c0cb6e6266d3475f4f
SHA512 b9e812dd208b8b086b2c5ce349da1bc83fdd5e03c2c2eaecd836352f31b6f5b773f3a06a2f032ebca42d4e7f2ab6146ad36b781604a698162386e3306d731a80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0622c1abeb24b419bfe404312a0ef670
SHA1 446d81b19b10ac3e976ff2d066f1110f7250e74a
SHA256 6d207956b2227d338c84a1a26d16c000d4bae9fd004e5ea7978ce0a0a7e47abd
SHA512 d6b272aab88d6ef456b909130f749775c1449da43fab703218b0db8ff25fcd8f37bdc2acbb74896cb6ef9fe150bef423afc6cb435184ef2b04895ab5437a63fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7a155fbb7f5795d121ce86b93f0f35af
SHA1 5c4f6e983dd1d291537ee2e225f96fc8d197513e
SHA256 022eb44b966e78945f25944813c224b2d5a0bceb2cab7e9fcfd3206e65de59e7
SHA512 cea5fb7c6daf8b304d89282c2be45137b95ffc4d1b4f2c5e5fac819f311af110b63597da7bd1aa42df9aba5431ee889cdba316a1c1ba07dace9259260120818a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5c0f85226d1cd82972e2cddaffe067cc
SHA1 a0cab318ea6615779cb1db570f6750db7049377a
SHA256 dafb64738c265508d434e1043f68140c756a58f4ded4f9c6477e3cdbdb6788cf
SHA512 5039923d92f11c0b00e2708aeebdfe8a8207bc951e12d21eedc3371e0fcc84fdbff691b3effd42d768f6d897bba8ea8fe076728109a3552c482b0261a07a011e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\sessionstore-backups\recovery.jsonlz4

MD5 89948785d7561fb554fc71b2f6452a0c
SHA1 3da79b52f3bffc5d3c276e91b15062bd1f24f753
SHA256 f9c2573060a0c2887e0473426fdbba5625b15c2b768aa69e5dcecc4dff34b3aa
SHA512 1d8c76ff494acfa1d6aa48f23a2e6061556ea37d63a90e1814835bad5231ec457ae9b28ec6794e249c4d3d5f28e285fa1553a04bd3c9c47a5e7a13fbd5bcb5d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20268638530b094dc53c1efc70d6aa8a
SHA1 bcdd2940d02a0ee928d74415d4a13a51952561f3
SHA256 a762984d009d2310aeaf8d6a3d56b3bd414e7c1c5b4efcbc51b2ea31f31e04be
SHA512 4e3ff3a9d200870f23395e5b7b40b587d61c0122df2ab8a8d2396c214336b4210bf75a7b355120dd07f93fb5aa5fb98d95a607cd02f4f9746c1082cb0a6f0cef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49e0404b3c17126e1a52c232e12176af
SHA1 2e1109e407f7af7f92ea10fd34a102701b87b668
SHA256 34de7525230b8ddb27be089c9255c740cf0e34fac44907adcc3276d79f656368
SHA512 c601ff26194beeac9fb20821de6628322a943b98903e46f7718adc3a69d38f24a92421366370a7d165073657695c3e3efb5b0bb65db3b1078f650f8d4a9ab76f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6730eb12e32569f79edeb2605bbb09f
SHA1 92cefeb72581b49d15d1a92bdcbd6fea798e04d9
SHA256 df6b3d034a8cf0227553fa08ee3e92f8b89033f2eccbd232646273f6b82c2fcc
SHA512 baa5d131b48cd10459546ce32e12a266326aa51d90418027d22388964f64dcd07e3bb685bfb0b29d3e1d51d765533b76ef0a3cee5058b5d00998df880df01a77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 db5e89ea90ff7c9181805379117a7c84
SHA1 69d37edfe8835e347faa786ba21c25d981530c84
SHA256 e9895781e87fe2c7d6e8736f561dea2b7a8f188d861c69d9f1030a673195f073
SHA512 4ad50e974ee9af0356892d78cebde21a85d29b61c41e36bbf79a8f2e9c93b7fbf30928e10e02ee84b1693523654ccf132aa8ed71db555ec9cf6b9d5627562ae8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6ef3290342d9322dc4bd6af13639bd6
SHA1 39b5af1c57392a0be9238daf1324bf7723724fc9
SHA256 aad4d9a34400f9fc3994e0dcec5ca5bd6102ef08f5db2735cd2667fc6f2b09b7
SHA512 31b3c2682b0b7a5628ad3faaf3cada821fd2e2e9c46f831c50da07deefad8897d5818a8500d8d368332e928ddf95f7991fb3b143f35b8c1af710ead63d68bb53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\prefs-1.js

MD5 69e4efc96b1f793b4e9b63faaa7db019
SHA1 7f6e1db86b7754c9bd256c89694691a52575508c
SHA256 cd5b82883dd74f9c3424f18d4a74ed404bb18c4627debf7ce8ddecf5e066019c
SHA512 4526005fde68f23f81f87dc37d22323675bdab0ac3d8ca06b8a257e4410f770ffbbe7bd1bfc081ea0c4d0e2de628f2f755a5b231b8f0fbe572f13ce7747773bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 d7fd86570d682c9293d706eb459043a1
SHA1 c0aeaab9cf2d82cd0743af73847ecfc0f7a5255c
SHA256 2c7bd3ccddcc7dc2226f6a5da1ca03ff8443479608f5cb01af87a1547af9f4ed
SHA512 27d452eb0bcc58004e3e410518bb823b06541f5f9da9adec2f3cc44b1a69527423299d3c9ac713a8a2db893d9c12f783e5f996da562664becddf1931eefbbc4d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\62814EA004207248880E7A5B3243AF5BBD4514F4

MD5 41cf44afd9b0139660400e7297e12dea
SHA1 8233516c85ec9e6c15777719e5ce212aae6d1b0d
SHA256 c7e3c0f092f83c54a30b03966c6c6242eed76794d31fd5cdef1815806c84fc1e
SHA512 b35e2c8adb29e36b6469d6145a88574e24962e556157c05c339600d90ec2d8c0b720dc02e598c15695efbb2dc5099bfa782a9c2c27a8b3c550ccfbe43a7f7016

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\D46BC1758499FE15E542E5817BDC9A04E6F45F72

MD5 08347b8cabb0de4d8b9ae684e81b9829
SHA1 f523048eda54e9dbf9e11b20c668ee6daa1eccbe
SHA256 b865989b66e0c1a15eebd3058331a3abf70644bce8011a1419cf30b3df013d1f
SHA512 13703931e03e3255fa622145bcaaa9c6b716745222080e527e5d93a7ac049c4a44bf953b1716d4c0b307331936930475ee74e6fb1630be66fb626d8c3745dfac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\6929E2BCBD1D5685C6216CE2F043A34DDF421A01

MD5 19e5ff65d2270d21ebdd1c8e4e44a187
SHA1 caba083f23dca64fb5ee08d292df98b805725637
SHA256 3b10f9b9cff5d9cc841b76f5bbc75618d5528cc3ec17727984c05472711666b7
SHA512 d2bc2d060e3f5d6b441e86df18eb2f47bac9ab962c4235c930f0cc86364a9691327d5c02b296abaae768e64be50b059583536e697aa805741e3d07af34607346

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\E38AE71F93D716E140D94D0678DD8CD28E0D86CE

MD5 073921f12d80560b819011c7fbba8e18
SHA1 867e14977129379ec61a0420598b79831198f67d
SHA256 fa24cb9db43fcdf769dc02117d3025215b9a67c704828497ecfbbe87f46f5f81
SHA512 9d64e6c1adf77291a30a385052e4d2d592b72d9a930eff19084d8666634b0f73edaa939c0858fb32b86aaa09c789fe8c7b2bde7235627297c9830463e0284eae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\CD24C88E3205FC271F4042C472281887499FC4CE

MD5 e407658a8cdbe8d41533a4491beefa39
SHA1 a1a5a8dfebd302329b9ab7ac00f05394cc7063e9
SHA256 ee055e68b71123ac2e372fb1be77621492920330a6a56fea6e58f3c79f403628
SHA512 fad31b313e6f62f833e9d59c092ae51fef726e8a928e6e8ac58398e8fd62d9c8a05fd02d64a44822046559f6466f62be2e7cf3c3b84b5ae39114b683e603ec2d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\FE1F5B94E735CF25E43C634E82ECB06C772BE012

MD5 318d4f4d5e666069114a4257263069ac
SHA1 ea38336ec7b5c4a6ac638aadb6fb251a22869b7f
SHA256 76f1b5dec37cc23d997e15ee47420dde7a0fbfaa282685c0881c3d711387b4a7
SHA512 5a513ffd9e95bed46eb70e3a07008a7dada7880e36a3ca234ff891581f4654499d46abbd27a8add52509f2997a58a53aea126b4cf08cf755abf6baa878bda4d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\999005F83D769E4DAC0A3324D86F6AFD4CC35DC8

MD5 99ee677f94e22dde7e313c5905e59b67
SHA1 e453a4023f756ca75b43f38da6208adeb189a6c6
SHA256 670c005bc1b019647b5a541c9f2bcdb6f3e3201e44156dacef1741c1b6d36b61
SHA512 a0b618949b622fe4d4a9ca0037962da4fa147e209e520177a5ddc5efbfd2316b46351703aa52c33f977c34978aa495a142403de2bfdf0c4fc369b31299eb8a01

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\8C51B0291B0FEE7F1A609AF4C53E8BCE513E0EE2

MD5 135c5d363541752c0ecfabcc2ca2ef2c
SHA1 3a9dfac1a36f7aefe4717fb066688d2418e753f2
SHA256 dae2e0384b123864e7903a3e0db344473098e376111233e8897067619a0da552
SHA512 6482fd8593e322b8e2559f76ef9cd156ab76d8f9db71b342c2b93d2a3256d50b8f39f047d6e190ef1163dac32c3231eea26a76607bed42115eba8fee2b6b9e83

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\0448F6A9F9D4F4A45FAFAC5867D90D6383B1CD2C

MD5 77538828aa9d2827dc94b6d477bf6371
SHA1 155acf89414581de5e2dc09d5e2439e1f53c10fa
SHA256 cef2db7c3c7c4c3f3d99071145267e89157e0e045a566e0937170e9bed4d5312
SHA512 9c3c8799d097e80867e16d2b4401dbb7d73d3ce5004ed63e238626ecc21e9a0863117bbd5aea8b6149e6678ea894b7c13bd8661150043d35cb7e66bcb8033568

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\FA6E2D6C554CD4CF63C10A0A9AAE528D9BDA8CCC

MD5 fdf8a7451abef842634b2d4725f21193
SHA1 a60311f84f0df08c56baaea7626799e0f25dca87
SHA256 05e11f55e09d9397b94973001a033c896860e8847459ea793eda6a532dc8dcb3
SHA512 1ec86723e5bb7a22a1ccd92cfaefbcee03115a07bebe38c4863058be8f05144d1ffd8928a67436c11e39d9996384d8668f91d46c4d38dbccdfdd5b0c49ee0414

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\C5CFDE1944822294811649261DC6DD3863D1435B

MD5 4d581e98aef2c9082da51150472b6154
SHA1 66ec877f0b6744924238670cf0bcb5d06d6600e8
SHA256 a5708691c9b032b965abbd3615c96dd81b8e9a49cc2ee8acd195841d3f47c082
SHA512 2570bf98e70a26ee38ce783bbe1b8c495a37a4e720a1f3f2493d464374a2be9cac89b7ae86929c9c1c85ba60af88685922c8f2921bd3602e94eff619ab583523

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\2378BAE55560E3817E1403AF71D9E69971891AB4

MD5 63b80da18f7345bfa54adedea97a412d
SHA1 613a4edbf43f7c060030f788ccd3ba54fc3aa14a
SHA256 495f89ce8bb813ab346d056f5498bc535ce69767cd264dec7410d48dca9ed3a7
SHA512 6d52bf682e957687a73b8266d240bc1ddd69660fe47d719938c15a22a4ca38bb103964550f1b3beee9931a4ab58232a3c00fea1fe76af532fc95a0506459b1df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\CA354D248C06301BFBFA8A7D1CB1C90E6298B3F2

MD5 df42ce9e1be9eb1a03847331d81f25c6
SHA1 1dc71d02b6648bab321d4b2bf395605dc2d5d021
SHA256 52070e4ba68c66484ed9743bfa72a16eeccbf956c3bda5d040b69b42ef099831
SHA512 336f1257cbeb4c1710f110b7e732b704c2f5be0737c0497ffb16ba37b4b25f880b305684256ba5c15f8e8e526611d7e32522f45adc32d4ec050483adbc3265db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\E80737F1665CEBB5A337B0A5FDB9850273DA33F3

MD5 2506f105c93bdf4d329eaf618c67880a
SHA1 70d583780de687559e675f75b1dc0f28475712f0
SHA256 b0b49b208a5edb6d2f18b93337d14c21dfb7954004ea86cbfe59305bc4efcab1
SHA512 f741fde999f1c2cc87815306070768dd13043a08a49aa0492a9df14265166370e844675a65df8ec9d59837889c87dc545f5b1ac80d7d5d840f8213fd1abf2d2b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\9019B55BE27919E7E382C6E7A7A483F4D63FF4BD

MD5 d2947f26e6fd0a7154bd44a6b88b05bd
SHA1 873b974f768879515d446c43ce9f051ef7e31143
SHA256 3160c14960ccf4eb9364a802be126fe8a69bdadc0b6db14fc2795387048f9ee3
SHA512 ce43942d35c064329187b81b3773fc8d097a72ddc9bc27d9ee7beda9739ab609f6b894af22a49979456f644dc5f84c784e3576634229753ca56b6d120450839a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\477F4CBDC76B6FA07A11689C2A65BCB1108C3E03

MD5 62148225526d9f956ac40955dd965f9d
SHA1 840ff9e32d99dab488ac1372581c29adff942dc6
SHA256 c336d93305c2e64328da69692874f34d742355cc65df9ced77ec44f31884e31f
SHA512 77e89e6aa9ec04d741fe4f1266fcc767c79aedf93ab754346b20fc2e704b101abfe2595a11d320bec22e641af270445b3a2f8052335ee987acdc8cc5c24b630a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\DC990C2E9B8378070C100B26A893DB305F84C5FA

MD5 f14b4d583ca79bee5ff5d95830d53df3
SHA1 2a9f737651755802861e29ec3604be1f36d0d0b4
SHA256 91c5ae2ab52876ac5022485f09942bdcac0e79eb8c09cf2f8fab344a45ca0b5b
SHA512 1d2eddf8966f28fdfb0e8e62550fa195a2267283f55311160baa23e2a8e6b0ed4916a0b233ad5f7dfed4276d6b03dad56d02d7adc4b4d5dec256f8fe37a6f72a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\40EE86962A167F85FF635E63C180D94A8BE50B96

MD5 03b7f4e46e8a15c72fef1d7632dee086
SHA1 1af202e0db882d6b077707f329cc0c1c70b45485
SHA256 adcaecb84fcdc3883ed5dc12a4dc5ed06aaab657f03dfec24654fdac87cf29be
SHA512 2e0ba865f5e4ca87ffc24e0e936a34f1f9780545cebdeb01868b995628e29164478969d39e747e72918d67e82d5b9e150dea23582f6257912ad85ed05810372d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\3ADEBC46DAEA2D77E1DF4B4AB6C524084F97786F

MD5 18497107b18355fd438bf780f1971d1d
SHA1 d1f2c0e2e8be1ce109e5c8e85a642d0896423035
SHA256 3c2f58edbe02fce697486441329a3bea0adf21f1cfb496a1e7793234e33e7832
SHA512 cee0634ba31586c574d0a503b81082e667b83812eb7aae7e2967bebb5a99b5c105dddee69a6cfabc840232b7ff8f54fea1121e99ea83a822de2a0abeafaf4dbe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\14FF324BEE8F75081FE9C38BDD3C16ACD05B921B

MD5 88a43a49606b1eca189f358c9179a898
SHA1 493b2328089909df17d673697d5095b803e56d8a
SHA256 741a5ce89d9bf3151fff1dc83aa2cb832c3d83748e1cfd26cad50cbd70b36509
SHA512 e56d91114ba0fdb4cd40e960fac8b637f054122ed08ddcea3237cf5f851140031bde609e79fa582f4845615d87e00d0cf9bfaacde6edbea0de374034ac93dcd1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\3D2EE65213655611AE063776EA786EF2A8F7901B

MD5 0d158a291fe3917827ec00782fb6dcc5
SHA1 f5e71829703bf7961453935f0baf864c6687820e
SHA256 853d8fd49174ea77b9005de8ed78c14eba6027b4e65b810fdb711f977f50fc2c
SHA512 b908d288cff3c4a230cca5ec7823719cd6ff70bd502699ff5994feba5699715eff68ecc999d1ddcac808a129faee2191feab3c970ab2d84747347525dfa9fe58

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\1FF9FC80CF39083D96E02A745517FF30CC74D1A1

MD5 7e617a38a7327756ed87781aed0626e1
SHA1 d48f667ca75f07149f91f00f016ebfabbeae8ba7
SHA256 ee598bf715defe778695c2998be72a91fee538a2d5bd35e4c62df0eb30b51259
SHA512 bf0c54ae6304e49e58eade7e1fe972b9ddd0934194c5182eccf07d9a5ae0f3f464549c40dfebaa91b7777f8e00fa51ee25d390e0358e05e1d2df5ee3da3ac1a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\1CC79CF3E49417DC18F0A37404297B5DC5B0CCB3

MD5 edba2ce2a5a4805824759d6babcdba1d
SHA1 dc92f0473804e652ed58629b36e9d22e69948b53
SHA256 a71ff8e17b8a8039daacb93ece61da6186b718fdd117ac60049e0f51840f215b
SHA512 f15ab6370f1c11ee2f8b161f2206218be74057c409f1a52030a9ed59149cff1c95b4455c2616116798d3dec91fc6d1c2d308ee16b26eb7535415cfd097078d58

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\E1F4EAEDCDED3C7FAD0B54B5CB47EB08E5BA1C71

MD5 a449008306f889ca89e485021325e45e
SHA1 bb3a08cbcbe75559f761d13077dfba853b87ba3f
SHA256 148cba4b6b92a7fd7c46147ef14f492f5582e542ff446dc2ea4d4c1bf1361346
SHA512 5a11155a1144173728c2f4992f5fd6d15d94d10cfcc8bc2b3ef4b20bad0da10905976152070ebbd7c07725148962a7fb5084d157d62d76c9430ed410fd29292f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\D0FF1E285C656FFAECE7A1D3DA3B416A2B43B2A8

MD5 bbfaaf4018143da2684d426e6f50b672
SHA1 b317f373720e635b1d3b4e2cb424f46e4adaf1dd
SHA256 b4b947540504133806dfe6f911796866f0819af6ab0ee6e6caa4b62f0445d606
SHA512 6cdd97ff59922f93cc9725ded4c9d188a3f9b5460f2b2cc5a6df6c3f2a8f321974f3fcadde6dab7d415f96364d6e788f712faf389dcd7ce1d2d89855a462cc8d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\2550FDABB65ABC15BB2125D4F45E26670CEF2375

MD5 6dcdcdb693bdbc85208ab5fbcd8e22e9
SHA1 346bf40faee370603d49e8216cd003e4c2608353
SHA256 2d73fe9cb7c282ac692518655c3d5f38ac2c7e55209201b7cc58b017e21d2729
SHA512 d94859d3859867b14ba9afff9348029ee4b7bbc86c15907c0ab5e9a31dc5fd304a82bd64d2922fff8037a128f613fd8b4948fccb210e9bd6e0adef0e425bc5d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\F296CC0CB1185C9A281664B8D8A74F6FD9F1BBC5

MD5 de482e98667d7f378fc6d1716ff5cd3f
SHA1 13ae115dba25c6f5c526344a9307c46b40fe1fa3
SHA256 b287c6a6ec3376c97b1bb03c8b94738cc2748ba1a7d951ed708a59458b7d0152
SHA512 390e99cc146f0f4913b05ed4e672e39fa02c618d0cba39eb0d5d36159829dbcd532e57736567c6d6c21761fef83742623252d94bf67352bf5df38aa2216459f8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\7D140FC8B10FA0CFC53F8E57E0114852088512C9

MD5 363d607e92f598a5d8f225348ddb64eb
SHA1 00ed838f3502fea912f4538b30124db627d7d9fd
SHA256 6f3eedddc48dd3bb1529293ae9bc00aa053e921f287f4ef6fe8ec415e9f4472b
SHA512 433e6784b5fa455e83162cea85edd7ef4a09a9fc051494f1bff1ace286f9b1b2cb356a3b8aab0dbd0ebfee85baf8f0e5586e9314ba1d3c4ffe7e90d48143135a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\B20635A9E3239966DF1AF8702BD403FE7FB90005

MD5 c0485a072b35d9f22736a3f26751fd1b
SHA1 704f3c540a54391307ccc72c3ba83b9d95c86ffe
SHA256 68e0db000a4ad9765aa62b9996db6ea39d797fced5b345e293e21c6320d3f9f1
SHA512 80f285deff9302b0f949fcd1cebdae15327ee3e0a3f534e0525bbdcb59498b977799b6783580754181c472dd1f77a2c5827919acc70d48844974c9810cc1151d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\0749EB9701150767FCDD1996E925D85763F42DBC

MD5 5bdf72ba525647bc68590b338945ca2b
SHA1 08ea6b9424b400eb8582a288df46f03878f65819
SHA256 40b1aa67c994d543d1d66fa9a14569cec92fb3408c6025fbc568ea1742a5d20b
SHA512 ea9aacb4488282619b771ee5aea0ebdc1bf9caa1f2dd5e16c1231d0f3e9dc92d061a4277f3280824f9b1f608ed6ac305ddfe3a6cec3e8062aebf8587b637f751

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\48614B6BB9D208B93EB55FACE83B7D860638380B

MD5 d754b6d1a832eaf3615ad79e6a546984
SHA1 9e572a97262aed9a8410fa664d2a06608a1f57a2
SHA256 847c2cc6aa9aeca731f2e0c6557f57021e480b22ab9c9390355dd2fedabc345a
SHA512 da08fd42fe25a328e73476b9f4a5f6f8de3bdba8d2386b420d6f63271432c5d025c8dd0bf9f4a51211819f40126a304621143bc9b42e752fe5f5e1b84b7f82c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\2965A34A6840D5D6EE6F7501F96C7853A99885AC

MD5 a4ddca22f1f89ae26bedd6679114554a
SHA1 e7f6675e836cabe49cfba3bbe3ffd6ee04a7e8a8
SHA256 913030524b2fd348a2af6628ebde370feb5bed3508fb08026ef2d3d92ecfb98d
SHA512 72c31db7d2508978b62a663594bd737316f877b87557c82d4d56bc05d1e7199152f924955bce427236f415a39f81b66310fb7cc7a34025e10a15ba97ec920984

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\B3E448A876B34E821E365527D2AECCA735441C98

MD5 5912fc5bcecbc51252ef9b77d25345d7
SHA1 2d6186f356720f35805c990e0584f443c3a41730
SHA256 99ee9266f38857e3c014610a32868ae9e6b786dd5508995cfa4a12caf3fcb74b
SHA512 18b25783b751d3aea4d4066cb0d63dc9e0c707cc0e0735dfd5fd494b8cfc122e289b5fd6fb732edc0f9d274f012676bb94d5d033e3e8115a414e27f27925eb7d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\09444BD0D61BB42233E6BE4E25328A8102578DB7

MD5 03d248b16ff48952451b78459e7c7f48
SHA1 890e8efb4d829c68e2ffd53b40d0c1c8d4f15005
SHA256 023c100fef4f383832400f1834ea72125f335702c1538293c2b10dd7b418e118
SHA512 07837db982fb0dcdb5f6c9249fd688f7c414a37071ce70ad549b63f8247a687ab4e89954bc36a30a17960956611209320c74e006424c204c958f15f0e8c17ad8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\4203F297A80788B0797DDD316BB5F518A1E62822

MD5 6163bc4ad828c0545c05472795fb324e
SHA1 2c48b24d80c2c724850e0c01627f329c41a4b11c
SHA256 a05149c5164ee02755ab403107986cf1fd34a33c32019d6985199f6f8432fd86
SHA512 1b04857d25be5343d5fe66dd7b96963965b2436e93c53a5aea24418cca9020c12e0ebe4e0763b3235f5f43958f264fbbb38c64dd836ae3dfae1b694d63275464

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\EE8784B691126F2F4AD0F3140571266E32E0A562

MD5 5835623f96278ba7bfb18262f2a4418c
SHA1 77febdd0ad62110229f0fc8d35072f37220ae616
SHA256 aafb620880c16efc5ad5b82f7ffde477dbf960a4376d3e13080ad655db4956c9
SHA512 875e57aff6aef55af8c35aa5abaa0c74cd870bb0e19467373e726c18a7a01b21a8b47ec9d8304c3faf1993ee6123ee005f202eefad34259cd97161fae0b69621

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\B3B0E252350B538B85FDCD7986C1EF6D495A2570

MD5 4e1b20caea6d3d4ae6735a5ebd04f28f
SHA1 ff99dcf62e804647704df5a3b04ec31bd666f9aa
SHA256 26fa8386db5c437e786df7f45de4f77da9429c68e723264497855807e9d5fb37
SHA512 374de3875298b5d1f3947748fcba62689d04c8e127fe0e778819529b0af5b5313fd33eda7ddf2a87759bf0d369c9cad8a0e94a8abb17a652ceb3b6c421447a79

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\EA86BF7019DD8098795FFCEA42753555A3DB9D39

MD5 f25bc0b7cfc953463976c28ecae9bb78
SHA1 a7d0ef481f87fb022de874d5be06f826a682e3c0
SHA256 6b219f622f641b4fb065df62cd2454f094b401ec979bb52d9a9517b1ea3d76f7
SHA512 384d2a0307de1382774ef75f92c3daeaf249acff66c816430e0d40ecd3629fcd7d6ab40d0361af3551cb3689a51ec0488306c6b8d880769599bcaa8502973365

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\E6E5D227E10FEF3E6FAE12310B27EC9C77E7D389

MD5 04332e1a43d0494a7007e75f5a793a11
SHA1 30fd960a9fbeaf013687256911f44fb19f6685ff
SHA256 d9a688f7782030eccfb46aa7c0e1ef1a60b82b95da12b8de1c32d4af7df1a42d
SHA512 8fd0db6f62a3a0fa19a57a7ce1f49d78f5e8069dd10c633eeeb4cec518762f990474e762acaf670d917ad5e4ac7ac0f15a55cb518245b9ae86edb9e6a0ee0492

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\AF10D6A6EDDDEAF586DD225969745155C8322254

MD5 de214aa7302fd7011dffee07aef08993
SHA1 90bede4271181071af86fd5ce0ae6462db66f3fc
SHA256 a460e621c70d8bfea1feb31dde3ecb48fa6a7e02c993ab6647ace6d8e2b9a6b3
SHA512 438f9bdebf940f23d0c87743421a2ebf7c6a4a79ea18c15f1863e02d53c05008cebf4f37841d26471df1e3cb0ae848df91535b740e2d7fef44b201d7d7592e5b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\3C8481431E45EC64265097C7B3532837498D3E80

MD5 b0dd1c6dd8e9266023a54d33936d799a
SHA1 831cb1b861dd33f4e7234bfc221d0ad8d52122a8
SHA256 264315811fbf060285e06b65e8bd249bcff9d38115351ac33ed190724a9a1061
SHA512 f74e9eeaf053e6b4d73577fa14bf1a3a21750f3649456919418345094b6bf2d87c35acd7de2fa5a99c0a221d4c88ccddc3f642608a6ea0876d0db8471f387ff1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\CE86FDBC2B4056E89548F9B04277BB615036962B

MD5 9dc82663cb9beebb88d5df0e574ed0fa
SHA1 e7ae0ec899003a0735954338e3cead2989e032d5
SHA256 719cb1be993ed98260f17a4b04d31197f13f8cd0510bdccb41df79cfaff72030
SHA512 140d8683d6bc3868d5f7aa30def12fac479c89d2113ad1a3be70e56b6efe3f99d3d886826e3675a95e163ad3abad4a4569e883284fd753c08494f8e74a5cc185

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\C6CABF14F9A25698F72A68D21041FBE5CC0D77B2

MD5 a1677df9dcfa991f074cb1be1981b44d
SHA1 cf30622a14537da67f2f9750510645b174a6cb66
SHA256 89667d4c6e15af34d60693fea9b579cc09d5264e2048aa24aa8f4fe1606095e5
SHA512 fec76db63623e13cba61d9b048756491986c0fcc430314f03050aca1500df2147b8cb89c23354dcb79bca7e54931e0698054d8a953e7250c84d501ae7db50d4a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\E2D67BD390C97D19A6C9926D36F8B5B06C21A6CC

MD5 bee6c8aa9e57bbdadc5d352ba97c16b7
SHA1 9cfd0448c49a69cd8378c94ea4cb23ce65ede015
SHA256 c73e45d5ad460a6749cade5c5af82388f60799eedec115a38c0d140c69ec4209
SHA512 6b4a8ef827614e2f0d4b2744b408a74a59130453e45dd1f6fa082c60779c55aab822106469851f47fe8e171fd2b22fe869fbb49013f43581f08c3ef0cd5516ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\B545B9E5C89522DBF95C12FB3260F13492C2C534

MD5 e39c7a5d1ca78d1ba52150cd5aff7610
SHA1 ca8f7b681c68250a1d918c5861dc9cc873c3e781
SHA256 6cac1d23380ea895472261bae7cb2c643c8188618b8c3008e594d88924f65139
SHA512 1a4eaa39013e8dfd6c1c51d54b7c97a9bc474c319a758143ccfc2c371f8d25687751ee3de269bd4646c0a547fff3b2bce59234d4a16c6f20a601d41ff6fa1834

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\69F6958DEB0D775A893D1F0CE28C27CCF1ABABA0

MD5 390ac5cb1a1d4006480de8ea902f6959
SHA1 5cce4e5558dd13d769062636050273c585236731
SHA256 c99329f391beef64231c08ea21698ff39f418ac3b717eec424452eea26c8451f
SHA512 2fb564b8cd9cb799d14cc5763c6b71a4f712c49889c41af12476bef55ab045fdc5332143f8c06d16745f22d639a5ac597447854ebf55cb681f65b9dfb67eb350

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\A5C44985C20E7144869323F9E65D1FED0D0C3738

MD5 d6d7ed667259bb0d0a77493c97431c1b
SHA1 ee012a7ff78dea891dd53ebe3a2dfd11a8e8dbcd
SHA256 0e48067b6f3b8ded05c8c62d307aecc80b7f5aded24786b285eb816bd80a5131
SHA512 8011e207e92edcb5e95d79c9f5e873834b08dfff8b8d2ee8f7558a726ccf49b3cd0c6ac08b8462308525cca5df2719a520bfb509e5ad39ab81d4971e7847706d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\3892996081ABC95E471CC4B3AE0A858E7A52E706

MD5 960c52d452aa7e1c2a6fc1475ae2c694
SHA1 54dc798503d81483846b51f53d0f2100c25d3358
SHA256 0602fbdd3d3895b7329837b181d12e93396941ee7c8d1cb9a322fe7098878fe2
SHA512 d54a4bd1d83e61cff3986ef79d655b8dc11691106097a08c32095c4957fef3d30d544aa017eef945f277ff46bf7da43732831c01395b4951dd740e413e5b2e86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\A9E718B7A56A176D722B4480EC09FDED4F86A49D

MD5 6a3e992fa48b9793c7066934600304b1
SHA1 1f86ce8b215a4d62cafa393124f0b699a303bba2
SHA256 8f046d100b7b84fdea154ad04de928dbfed11e8a33dc1d672732ecf4f5506f0c
SHA512 8d7e45a17a0cffb880c9468b0b6ee5c490f65157b6df5174da35067a2206a02217cc22b2030bc6af243e4ef0f9969a92823e576b113ec135bcdb1774da1ff368

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\4722964CF6AFDF3222333E2A7E88C40DF606D64F

MD5 47ceaa1ce8c1dd12e1ce31caca66670f
SHA1 0733f18cf22c34607c9da5bb8c9fd22eb1ce9d07
SHA256 bb4cbc4ec43ee54dae95613eccb8bdd8556131b9c8d989fc20d9dd4e1eaf7623
SHA512 1ced9ed7d3842b67d7d1a2fce0a287f7737e730d6dc1427d2c6636df9302848f0799ad2ca64a26cdbcea7d9fbff1eb38abc29788c809e0ddc97d2e27f672ac3c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\EEAA8B6CB450A821628297B2E4F2DCF59F53D3DF

MD5 7a0eb08ee0d1690b816fb2b5ed20de09
SHA1 20b580c8731d423367018fb9a93e7e354ef06e91
SHA256 d7cf245fd1ebcfbf48429e8f05581f64b2cb2aba99054a9edddf89c0c4bd7dce
SHA512 df1360a31bfb7bd28661f50ca6e60ba95c338a295a3e8b1f56ba7fbc8ccca39036691b79d35d4013d4028a90700b897129d1efc038b2ed4eb764750a1c76d6c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\8B33B0F2A1732E0907AE80946371FD89A38C25BE

MD5 150b96b26ac26ff4287072b97f927f3a
SHA1 597f5c0f5cb08a23f6b60406bb42f424f5e4c6c4
SHA256 de9076987b2507393820ebaef030db395459957d67622caf7a0fdf5d9a22ec44
SHA512 d359abbe88ff6cba65a225223e5282b1d471eff87065ffa732e004e94b9d16a41c739b5f67f2a285911ca24c6ad6637343f6f0a9a7505b3cf26dcc59500287bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\80052A882C2BC1AD77D357D3CB5F6A42DE5193F2

MD5 80711c2e2a9847b6dd77a80be5963a36
SHA1 9f1ae80ef83e3edf6b1941e318fd8e85a430837e
SHA256 8ac589d950f3e3401edd622f758a0bf36585a9e150ca90049308aeae19445cc5
SHA512 912555214b4d10620b6e338ab80060d222d4a02e0139b12112a07f049da0f3b59515d936d9f85b30c7d9e63ba8b3c13bc8de5e19f5b2d905e61fc25ec51940d7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\257FC89A8CE7665B22FB6627E176B74644190734

MD5 001fc3952e2d6275dc3d09f08b82c8a8
SHA1 adc4f0c57bc4e2ea7b1daf224cabfcde3ff0e365
SHA256 064c6eec241dfb97eb3adae76ff7559dfd2e469471433bdc3c8f7e2f22fab585
SHA512 7c9e29587334b49463775dc372821377135bab4c9ca6d76392a67d49ce36bb2ffe2e1327f3684a50f8934341d3540b0cee1f99d232ab298eeb13eb4f05145de1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\2F98A336BB0E73518918403FB6BB81CD64916CCA

MD5 61c15c21b4ed962a1129968b1935aef5
SHA1 bca5395537905d71412f03f6e395094a4ae52293
SHA256 0a7f49285ff491a3c2642fb252d2d40543abd379b38ddecf42818c3651d086ac
SHA512 6e94dda1aca763ce537b9279fdd2539b3111a221a4351ce1d73951f9bc23b56131b7a0ecc74443e8a481d8658fdcd316f689113260348165918d550ed1eb38d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 ce6eef333162dc82bd16994f882d93b4
SHA1 89ed7636efa4648744ccabf80d185a6a88d12a34
SHA256 dfef41745c28add02ff9bd2af813787c08f0fd4886b617f193b868a1d8b69826
SHA512 4302688d2a4be9459e3a9f13399ee51ce9d6b5de4d26b92419d41a4a841ef69b70dd07fe7e6541fb8d481eee0f6824df7fd0e91d9c31b5fe8928031e8a5261fc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\A79E2AD4ED765A5D3A0CE914EB98E20202BC376F

MD5 2e446eb974574049e0711b8b730edd66
SHA1 754d4db4a65d04c8bf31f5ec7e606f99ddc62491
SHA256 3c61c99a4bc8f18ed47082cef0c05b2ac87093f1addcbdc2bc3445c29059da80
SHA512 72b205bfdc45c1addce1a543c5e2d9742b54c396c872c4644f94ca8fe5cea21d3ff7436f9927a65e42953c72e2f60a89a629970aaf79af1f73a85f3e006d98c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\AD131E4DC8201F455621CAF5755F086A5990D8CF

MD5 46e74bb38e9a14f01fa97a129176daf9
SHA1 5d549dde8fe9eb1c83b06cb9d5219ace8fffc0f5
SHA256 0bfa55b4cc486cbc92d763bb963955f7136e879910945dc9f252f93fcf7d1251
SHA512 f6824715eac69fcda366a3b7c60d4fcc6473f40f09017e4eae3df545b336a8d8d36161d86e5d982a3ac24a558846ad15db233aeedee27123071a2b02ad816411

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\6A133B05DAF049785131E55717116A8F8CDD3417

MD5 512c8ab45f4c5e3d512f5437e9244d2f
SHA1 d41821663eba9ceeff771165e29eddc6dae2753c
SHA256 39432885fadd61c28e82c6fe333fbf31490f48f648a41d243d0dd33094beed62
SHA512 4980d4d4ff32cb1a5c14c10b1174a9d84e96179823c733903f1ecf29391f02fbc1de7262cba60f3eabe02f7674b3d075449a93768a38cc3a6e6089f8d89b6f25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\271DD9C6EB7E869431FBE8881C5E2FD717273531

MD5 644f01a1c44e3981c595b49b85b28ee7
SHA1 99dd98bd36b3843a6519fccd45bf0ab5695e29fe
SHA256 fdb55d7849791b72017a9dd15e38e7fc7fd6ec01d4b8961680d744bb82e43464
SHA512 fb1a1e882ac63211c86584bb34e0ef0ac2d7fce5ee358fe4f7c0d3435d813dd734bf358e97d1eef23591c5f6885df11a94946569ba9c2257e5568dde9d364666

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\43F28B4C39CB962AFC17C0E578D4EB71F3ACEC45

MD5 8891621ffd9bc35d4449e665223c1bca
SHA1 ce4267ba287a0b03119660ccd41e471673404cdb
SHA256 b433318716c52fc44f04a6e17708ba0b6249811716044f1d0bf5b244329cff57
SHA512 3617322ce979546f803f6d5baafbc1e04d7ef1c06d2ca98a85adeedde218d4e0df06b52a5fce1be820206042ba8242202b0c5638ef0b58b6893b28e3b9da6b83

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\106440857DC44EF8700656074DBC4F8244E576A5

MD5 879bfe3d79edfecb442f66105813c246
SHA1 30a5d922b88f6f8e7b2794945c389c297968153f
SHA256 2f7833da4e18e8e776f1cb84ab5cf8551c735cc633500ddb06d36cd102f99eaf
SHA512 429ba88280f56e33d537619cdd8013e26b34bee09ca10d036bc9a554be821fe8dd2f4daa6292304803a9b96f6f8ea66aeb07feb579fe5af909d02149725126c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00

MD5 2081ecc78fa47096827411163d65385f
SHA1 31e1c04e5a1bdeb3ab468fc10df84b16c6324b28
SHA256 4f987d08cc7d1178db56094aa88770f7dc17e1ea9ee8bdff7a32be7ffe8eb1f6
SHA512 f54284845eecb4b1f695902f69e6caaa3d022830aac35423922265e893891ca552dcc81363cf0c3e7f40620bac352278944984abf95ca708f66c4eac9a511b54

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

MD5 fa809a477ade9a316d469b276914c8a4
SHA1 8c106556e2d32a28e123155613a1fb20ba0ae078
SHA256 bb07848dfc7ac760ef5af730d0fb857f853b3bdc9e85f655695e83b94dd5e04e
SHA512 ad00631020dd887104d8d4afc0d4e74ff66a0915e8f32b6b53d4f6b4a6fb522ce513ffd6bbef08757a061f648c002add84dd30be1366a6723f36f57ea243af7a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 b8c026f7466db5b96ae2447d14602207
SHA1 8565125ce0eea92e250afa5d0051256a7b617fee
SHA256 8990bd49914802fb56c6f1c171c35b90f957885fe8f01dfbd60d1c22f392d75c
SHA512 18570efa08c32dbc82cb2cc22a45ed5627fbd4851eea3f4d89cdbb1934679931d9471f3a6dd453be184276b0aa61bbb9db8934204403f5fe8640c4ebb800a839

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

MD5 859b012d9dc919993fd93fdf6b387020
SHA1 f9aad3af2dbc3e9f85050230dbc9300ee9704600
SHA256 50d87436e9217ebf25b7f1bb255ce4945a0a61e3f62a7e30e2472b1a602cd630
SHA512 67398f68e9574205bec3fcc1ef0a988753e2606d9a6702e1dc244214453536c6e89e3c5f6c23fe4db4fc23629f3f116ce4dd0875a7db373bad70a37574296c3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 a79f482d47f9a5f19666e35ebb7ea05c
SHA1 c23b4f23d2a7d774312d38b17b51bb96b4081134
SHA256 33a76b82b0563a2689b9b2be2e14c265b48a0d9e45bc94730af91bdf7c37d9ec
SHA512 81bf0f01cb0b5ce54943c7c2c70cc8763c6d263663322debfcbea926f14fa15ee717f717f3b148515832f6270ad985abfcb96e106ffedf2f18eded0ea4962437

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\13C6D6E5A08711FFCC3A26567F9D581D24E265A7

MD5 42c86b90ee545aa5d156bab300e0d4ac
SHA1 97397f26bcca4e5d203b66c18e3185972d909d68
SHA256 90ab08946b150199826ae86ba8132c6ad1637bec6e5516162b8d6a66787fc1d2
SHA512 cbea2d5fd9c7457d16eceba865f66e16bf57950fcc5a6ca18ff47a2b426c50d68f5b5941789945903df4e775bc0a287a8083f04a2694622286cf137edcf10fda

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\1E3866B584D906DD8CB8840AB2070142E2DEA38A

MD5 72064a9aa6fb5bde4f24d81afc6d3332
SHA1 f498c9b180f45245e708fb3e3b89b869284acae3
SHA256 a57dc365ff8c520fb167e46c151686ed74ef3ea432292683ab587b376d2c2aca
SHA512 2c40ed9aeaa63725c43eff12731c444b2393b9a857a72bf14d4ac3dd0f6d0be3e32b7725fcdeb468af6d8b6d8f0082d088ef09b00a5c740c71787b46ff0f7887

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\552D7E776EF97053734643ADC0C74EEAE5E0BE4C

MD5 c68a57ca31b76e29b2c8e21975c0dcd9
SHA1 ab93689914f0abe043d208e74f61cc80489ceb9b
SHA256 7fd8c450c84af01b61291fc423d18a9f66f2e02bf9e80b3ff2e84d86af3d3203
SHA512 f37f98950e315c45a3f7e87fc4738da5cc72c00c2744732706cd79d7db4aba65bfa19dcffaa39897c8b980ddf12eed88b8543e58a12ffaa309d44db3bdc45847

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\97AE667565B6120DDEBF42730CC21468FE5AC36E

MD5 c6865f48491ab903d69669fe72399375
SHA1 65914d462b9df1dfedd2a44d98d6fafc66278e21
SHA256 81daaacd1140c2a787d8462e4892f918b0bb3cc30ed33ae10080e7ab27efb1c2
SHA512 ae62e0a57752be3a2f1bde623f8c3058a750a1606d4504d589838c149be8ba7a9d2d58326100182ce3920865508386bca2daf1ba0f2325c26de855ff465d991d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

MD5 3e1dd34de8e23a7ead3ae26ed9d5662d
SHA1 a2ff534d3191d3512bf30fff85699263c1241634
SHA256 4077dd0afcd861386badec656a9b623d66fa1147b9ff2a454a0d6bd5c590215a
SHA512 b3391d2a3a1d3c16fd9db814bc7bf537424bbbcc4d8463a11301b5802911fe991a64d3c0f0b7c9dda389f350d434c9c518f727362795fbc8179b6c3e812e526e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 732a3627b9180e346bc05f7981d81e09
SHA1 f63b8c2ea159a01035fba7a93cd13770be54c269
SHA256 71da805af127ac7d22279ceac0c3fc48980b046e22f163a8130e7580f503f5b4
SHA512 1d04d9b389899f29d18cd046ce740addb7cd9d8d4399219ea9d27888362a8fc58825e455f40c261d2dd1fc5b8e1a1a8648e8067b00d3e1c02e3130cb6daa3799

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybbdryvc.default-release\cache2\entries\DCC7FB835C6936E595F9B4F680D5035B83C92405

MD5 7e32c47c14db8636112fecf29be66548
SHA1 7d8c1d4907a2f53f7fc9a27a77fd5ce5e6d3e866
SHA256 22a77dab190b48123ec701ba301caae14e474296629f3b7e0a3488d9fbf42c41
SHA512 43d24ece6edfd798cb926e03d195bc65dc64e5bec9d2eeee9b23df4af77c7fb35baf15d27f08c6169c2a6ee7f28b1b0b6bf8c15c21a8b373ecd0c2f8af3331f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb33fcd2d82503b818facf7c603aac63
SHA1 df47b205b4faa7a194b4b8d560a3fc992a1af5b7
SHA256 ac930135497aeb2de5e10e5207b8f896afc9b2aec16f1cd35f72155d5090f3f0
SHA512 937f8175a0a9b7657094f8d0965113518b18e4e79cb9939c093b847d8751a743f7efc5c4fd211fc52a39d6574042b7f7efffaf001c26065acc20c6f7ff367afb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9c9137f689fa72a191edab5cf4f7c6a7
SHA1 5435339b2e737393a0168a1ee22327817d922023
SHA256 a7d6f1e5ba8fcf5fb549659c106795c65271396d749e098bef14a199947bc212
SHA512 0ae3f7baafe3e057531cd22e0ca096d54e7f33b8f67244535e5a5dafc7c0020958c8ab6cc39eb9eff1d64dad26a4994fa4d1da2d557b25e8a813a6be5f3907c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6bf32397dedfd34bf58c5816b589150b
SHA1 334ef1ab68bd564fe5fcfe5f297730891c98e205
SHA256 0e2206589211f5fd759192c059abb0ada905d1fb66158d904de03323f79d406c
SHA512 6d6648589aeb6bcfc8ce1b0c208d5fbd092c7b7fbcfeb3a6c98f618f490fdc71144c6ba6b52fa9c6a10c30d45a89615e29a04dbafa21edba669fbf3a03967263

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 4275dbe3fe97b5947bd66dfff9536a83
SHA1 611f9b3eae4a124005fd126a7916ecdcde719a16
SHA256 6265d3c555d94ce74bb6828015a179ff12a554ac3fc58a7a64cc385c0abadf02
SHA512 b25ffb8dd9b3ffc28c38da9d5f8f76b84f76e042ac3adb91c4f1642c0726227a74495c331fd582f201f2e0e08628cebe21d964030d1428052f0dfa337e8fe55d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybbdryvc.default-release\bookmarkbackups\bookmarks-2024-02-14_11_7eTgRL8GHku-amb0+Fw9aQ==.jsonlz4

MD5 9d2ba8138adb1b2d9c3022b3c22807cf
SHA1 609b48a75d7b0fb7041f4a8b1494c42ee793bb5b
SHA256 c4ce6b701ae3c8b18ec491095dffdc79b6c30bedd7e519e93f99136dec00afa2
SHA512 86ee17947fd556799a7bcd4385a80e9025ae62b38d8b3166144a0ef0f342b661ac77119aefa649b123b698740018cb30568a7b784543bf363ece4e520a11705e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3281bdd5ce50c9a72cfd4afe36581432
SHA1 e97a0e124de3cb05268d2cc095a6d1ee6e8c2e4a
SHA256 78baea76279f18f5359a4b965c5e2d0915d3e4597c6fc536bc79e46e0dd8009e
SHA512 434f1a5542d3ce08c3415d497a706fdc795c2e091d29c2231e3332ff97fd05ed56f718248002458132ec00313cc06b1f1f672421d6ab33e88a4d7cf134f8be76