Malware Analysis Report

2024-11-16 15:50

Sample ID 240215-ffhrhagh6z
Target 3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105
SHA256 3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105
Tags: google phishing
Score: 10/10

Analysis Overview

score
10/10

SHA256

3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105

Threat Level: Known bad

The file 3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 04:48

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 04:48

Reported

2024-02-15 04:53

Platform

win7-20231129-en

Max time kernel

70s

Max time network

277s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81E89951-CBBD-11EE-8D71-5ABF6C2465D5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81EAFAB1-CBBD-11EE-8D71-5ABF6C2465D5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f1200000000002000000000010660000000100002000000053a14e55d1b33fc8b2b28c762261a596824bca2d0b5099c642ead1480eafaa4d000000000e80000000020000200000000727908abab89b68bfad349f9388ed3c5eb53df7ff811b50eec64c2955b64445200000005a413a561feb3cb1a88c3982c04d860b5cfabc048d9210ae4c768843f9dad14c4000000025c1434fa01a9e6e0f5c0ea3a85d9ad5c7368a280b4d2e1a84b13addf4dc8ddedbdc1dbe2adc50ebb639f8978649f926d7a0a21f07b4fe3bf2b3290efc807b9e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81ED5C11-CBBD-11EE-8D71-5ABF6C2465D5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2900 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2900 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2900 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2900 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3028 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2216 wrote to memory of 2504 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2908 wrote to memory of 2492 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2980 wrote to memory of 2408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1732 wrote to memory of 3068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 2764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2900 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1924 wrote to memory of 2124 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe

"C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.0.1136024030\982972472" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1068 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d42c0d78-462e-46b3-9e32-615f8dc7cf78} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1300 107f6b58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.1.904426420\1308379537" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f267e060-2fb9-4f9b-93a6-c96243547c4d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1516 43db858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.2.993860324\1776113760" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aef6db7-5cbc-482f-a496-c8d445bff23b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1872 1a621d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1208,i,18411826527274872312,5378469069239572895,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1328,i,11991138220243035167,7412419928297202895,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2928 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1328,i,11991138220243035167,7412419928297202895,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1208,i,18411826527274872312,5378469069239572895,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2636 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.3.48994477\1674062613" -childID 2 -isForBrowser -prefsHandle 1804 -prefMapHandle 2556 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72a6a6ba-06ab-418f-888f-e5161296c71b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2240 1d0d6858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1496 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3696 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.4.517266875\648179783" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3660 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92b70979-1a2f-4bd1-bbff-d1d58d2fd9e7} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3596 1ecabc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.5.1604793446\278370479" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d87ad698-dfb6-4904-8107-043e88397f15} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3784 1ecac858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.6.581404749\1079933423" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 3964 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c8afa9d-b6ac-4647-86c3-06a15f0124e9} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3948 1eca9858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.7.292888047\739042644" -childID 6 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0e94d26-3e77-4f17-be3f-bb369380c4ee} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3996 1f184158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.8.1741827595\637450560" -parentBuildID 20221007134813 -prefsHandle 4400 -prefMapHandle 4376 -prefsLen 26212 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37d496fa-c350-4419-be94-0d2bf131c729} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4388 20205c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.9.445916824\68361345" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 26212 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f90010f-d663-4580-8509-730c9e49cf06} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4500 20204458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.11.2124627742\898525951" -childID 8 -isForBrowser -prefsHandle 4876 -prefMapHandle 4880 -prefsLen 26371 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af54429-5a31-4dfd-b9c5-9939034fe2f9} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4864 216ce358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.12.1552850541\369507605" -childID 9 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26371 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d29125a-b849-46f2-a888-1b422b93c1c1} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5032 1f80de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.10.956401121\1178870521" -childID 7 -isForBrowser -prefsHandle 4532 -prefMapHandle 4724 -prefsLen 26371 -prefMapSize 233275 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {080ff1a6-1fd3-4ebe-b9c5-8e096baf49c3} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4764 1a68df58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4200 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1216,i,15347059016037883455,1254055691618474209,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/2900-0-0x0000000000600000-0x0000000000601000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81E89951-CBBD-11EE-8D71-5ABF6C2465D5}.dat

MD5 424c72575ad277d24a1576ef69e82645
SHA1 31b404e85fbdd73e4fea567294db88c0126544fa
SHA256 f5a04cd605afa3fbbd14661637f1cd1256b6db3ddfa756eee3a1932035ff1779
SHA512 970475e3a5080754754884a04684cc3439dff57fd8d1dd8522d365999d416512c3d76a6a0fc537ae605ae9293740cf4f208fe83e26914ff2e0abac0dd4ec461c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81EAFAB1-CBBD-11EE-8D71-5ABF6C2465D5}.dat

MD5 b706e1279e0d341e8a1e8a5c6d7ec77b
SHA1 d4980031d2effcebdfcbf0a9f607a14a34d7d337
SHA256 2208f232641445fcad082e2b3280ed87abbb8ef4aa48b404c3d9ada1101c6bf5
SHA512 a1a72491c54a92274f350f93e4aea4a9d7883100348bb58977d483fd191457b89c10958de45717bb71f51fd6d7a6918aeeb06c833c5f85cf5a98d41140b9cdb9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81EAFAB1-CBBD-11EE-8D71-5ABF6C2465D5}.dat

MD5 370584c476bef46f1c8f52071a340c3d
SHA1 d8c7d7d2eae3fc3d8f1585f8abd63c100a2108f0
SHA256 0c896f649c6f97b6fae3f7f2827f4a2948753c303eeccb96245f4e3514d39f81
SHA512 c196a6fb40badff502165c8b52204e0a6f35bd694af28bc011fcbafd48fa0d6edd1c6573eabbb6360dfafd0d29cd8ae52e0b3171d2459b7becbdd7a975e9b87c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81EAFAB1-CBBD-11EE-8D71-5ABF6C2465D5}.dat

MD5 ff4c5c7094e71eae72151a7a73606a03
SHA1 1e413e477b2ae088ab95da42c08c3d90874f2f0a
SHA256 651082303fdd3036329bb74a6227d22cac8fad9ec34b9f65608f67fc8b7cfb48
SHA512 49c43bf72d972af0ce6261d9e6964cc65b29d6f76ddee6ab53607db28502c5fc82dda5b20f7ff1b11bf9c1884f145d226966d8f7565e453979d2c5e81c4c6b31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar926.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dfd993e54c10036f61dc28f0a0224ef
SHA1 2deb567420a10d55695c1a995148e11e56b225fe
SHA256 51dbba975155f1eda178d68eff636ef0b4a95bbc69ddb231b8d3d93d068deef7
SHA512 028802676f0c5b64231d751d59b7bf590307921030f3d751e8e2eaa9e66d83e047f98327156181f5d86167691fcd20bcc403b6270a63da46f3684fc37f631454

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 4306f73221ea9b620ca0009fff25f412
SHA1 37e061aeaaf0105023de688edf5065f0b551720f
SHA256 1d9682395f85a8f2a1d2b2972cf2e44e5541b7007d2526ba80043209059d8816
SHA512 9a784331922acab4ea6f4ce521594dbe2e42fff7cc28dc98a1c7723be025c237d141ad3aa307beebb655e36dcaeb713cd70b1e92a8a7df1353911d3425eda8af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3cffdf199dee78647e81683bb22281f4
SHA1 634228f3889ebb4d69ae6d02a57d98be2139dae2
SHA256 750e69d9f9266e1ce2a95a5d877597eaf62031fc84a8df1ec4da585a5257d591
SHA512 a3b3693542a1476faa02f44de7463576a4b13c3d583608ba2282e2d7c3891b645f1a4091fac807991e8f041ea8b9ea90db2b77320601661b95b2e823aadfaa91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e43f87addb294fa08afa2eefd79eb7be
SHA1 d581b71edd0ed00f7c122f0d743d36fd1e413b65
SHA256 2cf47411c5ace8f12bd1b96b7338fdcc9b822b398cb3c35b79c394fc20cd7cee
SHA512 9cd7bbc510474e116519b365924d8bf61e297e114149c41b7eab0e38eeb2bcf115a44aed7989225089387fe7d4ee32a73457581599735b61455eeada86f3bd55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4147e264705b63dffd24037cad61d99
SHA1 9dff76e1c2db9502d287e431d59d0cb99aec4d29
SHA256 434c42bd7c2bc4c6a5010b8fee3f3f157f1b2ff453c4089d2138d5940260fd7d
SHA512 8f9ab0c905ff5a139acc5175aca28b8778042b2f32eccc43d68f1698f143bbeda14ac6649885358b43c39e377d5620e5349e94174e93bd2247439739f6b7632b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1c4deaafb1d3d1b56e235900651d9bd
SHA1 7a0f74612f06ed67c6ba6f03d8b81ff267a3be06
SHA256 7ac95290fe3d110562a651ac6b821727584ad69265ac6c950f904aa613ee1646
SHA512 305a5929dbfffe2556ba4dd1abd4d0e5b5775f9a4cad1179cb1b78e632b51a8bb8d963cf8dd528ec360df23cd703f5a17505ea5740217a689add32a06a67361e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50600a1881b1fb5835a98c91fd1b945c
SHA1 bd285cc3c4514c81da324001988eff972034e14f
SHA256 818bed4e7e04ff3fe2068e77cdb75a71850cb247bdf9833a6b0ef355418b4301
SHA512 bca9d57c928301674d7da09804009a596fe5b5579b7961d554bbb31fb67b992b68888f0bc5c02b41a4637cd800ef5d1625be9aaf7b78f09886b7dce4c8c9e8e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 486aebeeb76a792eeaf8ab052521a435
SHA1 ac8b734bc9a5afb32cbfec95387bfa655913a323
SHA256 70074beff23c35473462d486e1162bce89af86dae5123b6aab7bfbb6d9bf8e61
SHA512 5da5c0f18cd8b3e6233adcce9d97b25f5842ba8ed503c3b28b98d6c417ffd6f59f3375309ae2ac2fff2670c9cb547b5e465f0063ccd66ebbe61e17347ceee2cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7bebcf25b746484a97f7a8f21f2305f7
SHA1 3801f906bfbbcab41979837d3a4122a35324ea41
SHA256 4c4ec5298eac7cb806db09bc9a7c8111d858d91f92eb010e813f3fd862705b53
SHA512 929e92c6bfcf2ba8d207f715741eb9d0e66c7c2aca7459f98b684ad6a25f0ee9bc350b9ab6480fad06efc41ebe296c5dc7e4b2e61a0b28470e233988ffcee712

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e04ff188bd90712958cc5cfc4a647a06
SHA1 d9d32e421214e5112a2a4ebd59a09c2c5621d78b
SHA256 d0e7d73a99cbe94a004b1206a073cb9468c29519a81830673cbd315fdac57901
SHA512 f905470545ea62d5620f89690496a2d4ede0e5aa0d95c749e6fb48e2c7314967f72b5d0a403bbdde334ac91f926bcdb7105605b1339600380ca4d139a9b88543

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1801A0BFF52C676E5F51CA71C5350277

MD5 f8e84864150e55df99bec62372c60e99
SHA1 f77e225c95c2e1d5d29d693431250acdd27e97e4
SHA256 59034626ce73f3a4f50833aca27a67f69e4ecb8706e945502ac3d0ec732770fa
SHA512 173577ada21ca70a12d8660ff711bc6a4b2e58a75b5b3714545343553119f6159cb92f2863d9d2f98876c57272f34e420ab6b04f79a53eb804e176bf03b7c0de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1801A0BFF52C676E5F51CA71C5350277

MD5 79e4a9840d7d3a96d7c04fe2434c892e
SHA1 a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436
SHA256 4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
SHA512 53b444e565183201a61eeb461209b2dc30895eeca487238d15a026735f229a819e5b19cbd7e2fa2768ab2a64f6ebcd9d1e721341c9ed5dd09fc0d5e43d68bca7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1e303ce0c749d4cd7e4843b6ea5d8e10
SHA1 635c0495f306c6adb84d92de83b3570fb693e34b
SHA256 e85c4f45db0682f84036655526a793c5be7b69bee4d6190ffc95e63d1bfe18bc
SHA512 db5b5fc344a213664cdbf133b49a18abbc25c8a7554e21362a0e01c4551315118ed6cbc1a012343626c6ba352946ee0ac776418c37637dfaff5ee69bd49e28d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f2056ff54b3e381af9a240b4362c95
SHA1 e8f41d055145e58560b895d7f453f79275efde39
SHA256 1486c206f73976a1a9ec15d9900997db30a8fa9841a817e844cb9003b2aa41da
SHA512 b4e1d10bed7f9c441b693d8bcdecbfa8985dd2d885e5e40adc39642ae58afc2d9bca28beef2f22dd53d54a600f2ab762ab466bfb8595ef4760ada21fee21c89e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d984ccd120ebf84368e82e814f20963
SHA1 06d395c955fce49cec6a3f960f56fcffa47ad1da
SHA256 59c9bc5ae2f3a4aa2d89af6051803c06ff1e17d0bcf8a03e4fb7ea8d1bea7abb
SHA512 b4749f3957329c291b59191f17de32342e33cb249b3326f87ae4d7fe1abe950beba3751a89f5e9ab65f64f1dd90873118017802d27402518e275608abc85ca9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 652d7b4b5f2b12c2d1eaaf2fc61a7006
SHA1 2f18e67c8016895b054e4db0dcf4bfa894e7ab5f
SHA256 e8be07bb8ab6b80d863e1d049309db9da8d7685f837690e05f00455cec789305
SHA512 f6792fc69dacbb4bec307f89a8eeb66558a017984a09b496a0e9a0b6d6c9c32f10fc7af758abb9e3f97758c76a1bd6a1bf2696b66854db5615e5dc8dc421d78f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 55318a43167533a5cdcf4fd70f4c6084
SHA1 a80db758ff0eb8d1a88d77eab7b593d7bf6454e0
SHA256 ce40b77513061d591f2a0f58fdddb6986494b82707eb68a806e6ccdc24d38966
SHA512 41336ea2789bdf89ff359dd34ebb8f9cf9a92d3d28fa2d158d89e19d104605bb929715fc93ccbffe7e801d15edddf00e573ec34c67db3c60444d9d6371a02176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 33cc5a4c250ba943cfd26332c97c59a9
SHA1 fb29f2b9d1c55c15ed2c393d9d70ac6977f17d3e
SHA256 328f446b636f0bb2b29d389ea657555b1377b228479ce58e72eb775e1a5e3bb6
SHA512 f93eb80515b0a1143b750d5af2649d28648c2819eae0ad4977c4106cd7b9b304ae645aab9f8b48092811ddb74ef39d9fcb1a5a3de3cdb6a15a19373d51d36285

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 b99733d4d7c7d8f43626704e6ab1c389
SHA1 00140047953dc5f7bb2dfecaacdd74c483f77399
SHA256 2e9c660f6093ac88059cbae12ff2ddb9dc460b1afd3caaa2e4fd1ee3e15267dc
SHA512 7ccf67ecafc7765dea0d9834ae67af19ecaeb00450f5cabcabab6d9fa9768ad7617a096e268900b44ee16ce8c6ba0986a01ff5c84a14ee07e49f1858a6f43aac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d4540357bf31589b062c94e26a55982f
SHA1 b45001cf6ca00cdd09224a5d21011d9e14c846d2
SHA256 48e990c30e14876b74000e0acd6dc70526fc82b75e819671d9618ce9e5237db3
SHA512 03b96e1e995afc9b29519719ead9e0fff9939b27924561f6f01029b8b3e31a8a70498d71372bf12cc702b83480d3e9c302a220fc171fee809971638315434cb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 87b0614aa71a950ec40a57fcfb2cd955
SHA1 52bb2c0f6b7d97b4809faca34bb7bdd0e21c792a
SHA256 4d0998555ac3edf8b24db96cb2b22fd5c627cff7feb10371c266840ea82b3051
SHA512 356d00a836d3ea240460d00bb1b6d963b85b884ce29fc9e9dcf9a87b8bdb90d23af34f4e93caff159c66c55defe90a4187ef36acf0baa39ef899d38ab1dd3319

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWFFZTDI\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 ea15d8c82157df77f156eca77c100513
SHA1 c518575c2f733b09fc37f99d2ddd8243406de1a1
SHA256 bb224f84fe8052a27ba4ed53f20dfc2ca13356ab09b0e0998ee6e7b603ba6c3d
SHA512 29c5a0668a92039b6074cedd9cb62638c0f9694153a969ce5c673901adacebae32a03c270db224e98bb0d7c4280b9d1cc5f0f6824586739521549ec0206e3b4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NEPAIWV\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WV8OWVT4.txt

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U1JUCENU\accounts.google[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBYGYUGA\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWFFZTDI\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

memory/2900-1134-0x0000000000600000-0x0000000000601000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_1732_CPQIJOYZECIMWYWQ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\aea1ed6b-ae07-4ab8-ab1d-85a3f8be4af3.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\c746d60d-ccbc-4527-9b89-196daefa45bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\35dc4979-afe1-49df-8430-ecf1ae21fa3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{67f239be-5cdd-4003-8642-97a66693fed2}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf768391.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\idb\1174674260yCt7-%iCt7-%rce0s7p0o.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1732_1497867789\Shortcuts Menu Icons\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d95255e1-6f90-4565-a640-88d85dd83634.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-15 04:48

Reported

2024-02-15 04:53

Platform

win10-20240214-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1ca69a53ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414786103" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b014de48ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9fc3c161ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 408 wrote to memory of 8 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 408 wrote to memory of 4968 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 408 wrote to memory of 4568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2088 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 4416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4392 wrote to memory of 2708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2088 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 460 wrote to memory of 952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2088 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3004 wrote to memory of 5128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe

"C:\Users\Admin\AppData\Local\Temp\3dd225a6b9d45f5598b987747f4dced0f3957a21889a3457bbeef8fb4b0f0105.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa22589758,0x7ffa22589768,0x7ffa22589778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffa22589758,0x7ffa22589768,0x7ffa22589778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa22589758,0x7ffa22589768,0x7ffa22589778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.0.1618971649\1409416247" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1648 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {737e8dc1-6723-488b-ae72-06ebaa236302} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 1816 283bc0d7858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.1.95643133\736948939" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9487e332-9f9a-4b5a-8c4d-9eb1c0def8bf} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 2208 283bbfe4458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.2.2128914660\1817839035" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2824 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a90f61a7-bb9b-477b-8fd5-8e27d3388e21} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 2836 283c02d1458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.3.933284649\1880039680" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3472 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f677f06-18bc-41ac-914f-ec3e7f504b75} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 3496 283b105ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.6.2073084206\1779960766" -childID 5 -isForBrowser -prefsHandle 4772 -prefMapHandle 5000 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b6bc18e-dc7f-4669-8fb1-a28baff73199} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 4992 283c29a2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.5.812600938\1965235840" -childID 4 -isForBrowser -prefsHandle 4776 -prefMapHandle 4780 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66666fa-17ac-4f61-b34f-a0284bee87b6} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 4788 283c29a2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.4.1536004374\1752434106" -childID 3 -isForBrowser -prefsHandle 4636 -prefMapHandle 4640 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66e3f389-b3e0-4175-ae55-2f158c77aee8} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 4656 283c29a1658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.8.947019384\1891926551" -childID 7 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19f6cb2b-288d-4f85-a46a-27985c5a37af} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 5536 283c202ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.7.821760260\1251142471" -childID 6 -isForBrowser -prefsHandle 4840 -prefMapHandle 5372 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4263036b-8ba3-42a8-bd75-3b9f2476de1d} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 5332 283c202e258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3540 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3684 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1832,i,5353814921384382242,2058854667182851555,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1832,i,5353814921384382242,2058854667182851555,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1864,i,2826687343115210483,16657889131698880358,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1864,i,2826687343115210483,16657889131698880358,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4644 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4616 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3804 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1708 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.9.1832133333\1279078021" -parentBuildID 20221007134813 -prefsHandle 5988 -prefMapHandle 5992 -prefsLen 27380 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8197e46-e755-41fa-8f95-3bd99beb8382} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6004 283bd78ab58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.10.944338468\358061264" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5408 -prefMapHandle 4256 -prefsLen 27380 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e41a36-61f1-4bf6-a239-da885e6dae32} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6020 283bf162f58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.11.47988315\98893060" -childID 8 -isForBrowser -prefsHandle 6188 -prefMapHandle 6168 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ecaa916-2cc2-4c1d-8474-cb0d2a9e07a0} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6196 283c03e4e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1012 --field-trial-handle=1860,i,3820033817739413943,18326821103673316059,131072 /prefetch:2

Network

Country Destination Domain Proto

Files

memory/2556-0-0x00000255E4620000-0x00000255E4630000-memory.dmp

memory/2556-16-0x00000255E4F00000-0x00000255E4F10000-memory.dmp

memory/2556-35-0x00000255E4910000-0x00000255E4912000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XI4YFT7I.cookie

MD5 11ad302a11835b203dd8f1d0fe43a077
SHA1 b4610cea47e30cf0d489cedb90a5b1bb38b84c54
SHA256 4084e912727d29c2483f8cacc67273df4eab2453e8b0039d5d4f273bd8eb2993
SHA512 730e9a16fcfed59b611810577203e75ad3f9e3915bbc4d39e8648a15f0a3e35ab3e963f77578f20ed6cf4a9b4960a90716157268d594b94961823cd6560e6a43

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O640W5MM.cookie

MD5 7106829d19f4066e94517b1c6ce9e965
SHA1 4999bbd61362c9bc8594419c5487a2e98d57d15c
SHA256 feae73c3f764f238a0b82656ad0eacb08489c21e21af57866241abc5b266ffbd
SHA512 6a79a2b2e8132e71d16531db90c346da41a224d320c415228e326229f02071d3dfa0e7c8c1b64d4193eda4198c93d4078a5b377fa19614008bac52b2e6cb5408

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9f11f679eedfa7d8393f8983ecf593f5
SHA1 088e544ba1d2e7d41999ad5da927cee9e7abbef5
SHA256 3734373443799191fadf5461564bda6ed795e37089471d45271eb7101d7f443e
SHA512 ad5cba28c1be4d5da459e569176be40cb60466fe3f8187b3eae0bc5f3de9256ab4c11f3e825cda9ae1ea8ff83d4abadbb49e4e7483bf0ed5c538ca1220cda22d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 05cd1bddce7a9e37f7fa208e22be5a7a
SHA1 ed426db99d4d833f174ff10cc00687866616b0a0
SHA256 6adc9f6d80fd680a43dd8660fb0cd2d73082d774fe57764c3033ec0100002621
SHA512 67cc9a50ed7f044854a94888399b95d6446917a0f186bc697f3b26f1ae70e768c63cc4860cadcd0c90bec0692a41f2616eb2181f486e34cdec51c60a744cc776

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 486aebeeb76a792eeaf8ab052521a435
SHA1 ac8b734bc9a5afb32cbfec95387bfa655913a323
SHA256 70074beff23c35473462d486e1162bce89af86dae5123b6aab7bfbb6d9bf8e61
SHA512 5da5c0f18cd8b3e6233adcce9d97b25f5842ba8ed503c3b28b98d6c417ffd6f59f3375309ae2ac2fff2670c9cb547b5e465f0063ccd66ebbe61e17347ceee2cd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\78ZFW1NO.cookie

MD5 bf60ea1a4fa9fb1a3dd2a608146ca8c6
SHA1 69e0b1190c28635ccf1ed9e6d70780f5f41086a7
SHA256 53f0ede3eefc155d16eacad9965eb767f9ee8f337a7ef9a7d1858f31d46a9e67
SHA512 d9f09b716373f19fb9fcc5e783d2a057df01322b587749142563f7bd2dfdb2e71432a3d72c80e56047ab86feacfbdb07c518f5b2cec255cf0774fcc2e0343fed

memory/8-144-0x00000296D29F0000-0x00000296D2A10000-memory.dmp

memory/8-146-0x00000296D2F80000-0x00000296D3080000-memory.dmp

memory/348-158-0x000001ADED4E0000-0x000001ADED500000-memory.dmp

memory/348-182-0x000001ADEC8C0000-0x000001ADEC8E0000-memory.dmp

memory/4968-207-0x0000019E58180000-0x0000019E581A0000-memory.dmp

memory/8-211-0x00000297D38C0000-0x00000297D38E0000-memory.dmp

memory/8-224-0x00000297D3E00000-0x00000297D3E02000-memory.dmp

memory/8-232-0x00000297D3E20000-0x00000297D3E22000-memory.dmp

memory/4968-234-0x0000019E583D0000-0x0000019E583D2000-memory.dmp

memory/4968-241-0x0000019E58450000-0x0000019E58452000-memory.dmp

memory/4968-250-0x0000019E58FB0000-0x0000019E58FB2000-memory.dmp

memory/8-252-0x00000297D3F90000-0x00000297D3F92000-memory.dmp

memory/4968-254-0x0000019E58FF0000-0x0000019E58FF2000-memory.dmp

memory/8-258-0x00000297D3FB0000-0x00000297D3FB2000-memory.dmp

memory/4968-265-0x0000019E596B0000-0x0000019E596B2000-memory.dmp

memory/4968-268-0x0000019E596D0000-0x0000019E596D2000-memory.dmp

memory/8-267-0x00000297D3FC0000-0x00000297D3FC2000-memory.dmp

memory/4968-276-0x0000019E596E0000-0x0000019E596E2000-memory.dmp

memory/4968-280-0x0000019E596F0000-0x0000019E596F2000-memory.dmp

memory/2556-303-0x00000255EAEF0000-0x00000255EAEF1000-memory.dmp

memory/2556-305-0x00000255EB200000-0x00000255EB201000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q72796FK\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DWDCIOCL.cookie

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TXEEVWL8\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\mfr11xe\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HNL2USGR\accounts.google[1].xml

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QRUVHSSF\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YPUWBQV2.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\fb63604e-c22b-455b-a527-a108fbbc6562

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\23cf59a9-042e-4076-9dd5-d82cf596e6a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1DCLZVLO\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ES788XE9\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ES788XE9\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\rs=AGKMywFTtniNACXuAWHb4uuD8tqS7DsB1A[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1DCLZVLO\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B0ES0DVZ\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ES788XE9\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ES788XE9\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ES788XE9\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1TLUKOBH\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H5G2UR6E.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1DCLZVLO\KFOmCnqEu92Fr1Me4A[1].woff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1DCLZVLO\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6YG2YJMZ\KFOlCnqEu92Fr1MmWUlvBg[1].woff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\R8SMK8RR.cookie

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5908ef.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QO11DTQH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 843f988b28ec31b7104fdc9cf6d418c2
SHA1 00c3dde0d1ae65f2260e5be5d70e7dafe3624b4c
SHA256 6ef0f96cbd0faa676e89c712ed43abbd6ce8f0d43cb56ac5d72808a7841c01ef
SHA512 d7a4ffd7ae9a92a7b6423e22d901eecb4d9befbf52ae03744fd5c071daa89f11a1261be68bd08872ce0f5897af2a2893572db55ac85f45af21ec17289d196add

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07254d2cdc6569f743497e1f305edd5c
SHA1 2ef3db3699407e892ad2f88608bafbb294b73e03
SHA256 63620e9bc488c5053035effcce9f25863f87646c8e10d3ba7c1fe6c0dc04f64c
SHA512 0dba487c708a8cbf9ec7d863d162178397e4bdfbc271a20bafffb22c6a85f9d38bb56e5438ee362dcdb70e0a7e9378d6aae1c63fa2eae5a989ffa0ccf3793c73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{e5c57bd6-9125-42f8-96e4-4d22f22f5742}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\idb\2218772157yCt7-%iCt7-%rfe0sepdo.sqlite

MD5 c147dc8978c866d17f766f7a7b054b69
SHA1 6e07f22667db8c828f845c6f41cd400a9ec6f29d
SHA256 a5f701213c5e03e21d94db0169aacd7e4b640b904457e63421e1daa2a8453a9e
SHA512 5f37e0d5f609d4c89d03c5279272f325b9b9ef6a3e1dda99faca7ef38a97597687b439ef7151af7ef0cd72e6f8a3c5f8c2aae63be5f4d9c2d5c934bc538541f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596354.TMP

MD5 3aa0b97d012a98f13b72f8c4150781f5
SHA1 f9aa0fcbe7739815398f6b76289555d3ac494d69
SHA256 170956c4c1ec9c4e2310196f48d054330a5cfbfa8d4ad6dcc09db0f2cd92087b
SHA512 44ec39340b452f4cd5d31b65e5119a9d01e49f9fded8fedc0c55b917ef491a0b64f20c9a6d56b8c831b06addeb6382674a9c78669332b9e51b48037ce80cb3bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 281f7590e9d9744144840bd708ab10b2
SHA1 df8bb0666e86a1f8917e1c5269502989d0082f07
SHA256 db845622d89985411981e2266e9021b7fde381f17427684de7ae6d80ea9a49cb
SHA512 44007e4a1ec04149c8d25b604cb343c647b8546fd795c71d0e7be456a24e8f98cb68541d2a9f39d6e2204ffddf090486da1358b0219810f60bc3d13a1e296794

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 79a68c832a2efb58364ce06290ee00ca
SHA1 03acad4d3ac1d6a6698bfc15f42a1679bddf5df4
SHA256 e5239dea72d7e2265a3160e3c9d0e6a2bea7e4b6d1720b3f59fa63b2ff4ae495
SHA512 4eea968f991e878417df9f333e1967f3015bfa6c5b5329ff6b2bf17287f5a215b078e47be077f682dc7e2a7c3857d404f2d43e564d390713d1271d82c5245c9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b646f546983f0f442a92a5d2802a7a6
SHA1 c632682ded40810b1a5ecec2347f4887cfce9ad4
SHA256 068a3e9c18ec1a3e01b0e5b7e8c1448b723fad366ae0f5359cb1c65c4d8828a3
SHA512 0650d33fed4875b85256d999fa7ec0ce4c6fd147c0ac538f904c28e3ac213fa528c9da708c0ad4a394d1bd1765d1b336f639a55ffea0a7e3157985c0ce622573

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b8a0af1a06473a332724bbae762342a9
SHA1 7ef46134003e4d87727839a1e34042f1659b26b1
SHA256 1b567542e468fb48888a0edfc1fae26a48b9c6e054ae5ac4d7f844a97ff99334
SHA512 b3e96214d1e90d85823109476137555479847df4a2f8690791387b0a9bbfaab70f3de9b61ab4e2a6a9c45aba1adfa0d49ed0d07389570ba7162042413087bee2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b9733f677964dca9aef2d6a8b5f241b
SHA1 63900ea1edd0038904bc5ed7b4a12c7aac462f6c
SHA256 15c33a4921829706c8100723e56153982ba6606059d90ee915b1caf908fb869c
SHA512 1a2b6bd10f07ef03c8a9e8bd039f152d0dee771fce2103e1239c6bbb9330a1a624fe86fc27bcf14aaa52c3f08d60fbda60ac295284fd045f656d3696690a2ed9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{75ce41f7-875f-4273-820d-79d583303615}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{f637aa61-13b2-4a55-a028-916483707337}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{54cec5a0-d0b5-40fa-8cf3-7926382d699b}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 37c28d6574800eac25ad8b7bc7b2449f
SHA1 518dbc65d8bbd073e7e07412c3d4780711fe14af
SHA256 b41710a1033613fb824419c4cbda8db8fecde757d1af99e380383da1dedade2f
SHA512 06fd7aca910332273efbd071cbb6d4a4d19f42e7488024dc608194e81e1a0784ed1d5a9ea02b0c1ded62f1d1879900ce4af768bdd55a6750809a11f350644ffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f503050bda83eedb94b9699d8774111c
SHA1 efc98e98d9b7de060f43bf5bcaf60e70c9be2181
SHA256 6c7507e1751589a7b44201f6b3ead7f4af31fe01f5982ff1ccb0035ce985cb0b
SHA512 7a30a8791cf56ec097ee3f74f81071dd5e01a33de7d5174391e08d3e6011ef242eaa88de95c37ffb6fe47e111930022e6ee0bc249058f4335108574508b1acce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f04861841584063e60e846b8c31455be
SHA1 b8db6b3a96ff3a8848de554469ec643fe209412c
SHA256 5e5bfdf3b754a93f7a8edb83a6b93597887fff34bf0923eb261e97424165842a
SHA512 f7fbd6ff6989ba18c8928c9f29b14c456db0c470d2531c1061408da7ab7824373fd103a5f5d96b4545dc82b07f41755ac9c424ace03d8ef07489883b99403979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 13e1ee73a7d37189a26cbdfd0c869582
SHA1 229fb331554215ddafcf33df1087df571be3877e
SHA256 7638cb1502384ec083d918b840eaef839bbc3c8a8c3eff1f482ac49914c4604c
SHA512 4b26d659617de69d67ef71012212964fef3995d517acb0f635582a1abb78d700862c029fd985c33e0572bde3aaac305291b4059065f6be029ae4ffe66061b393

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 5d3aabbb10cefc797381ea94b5a88c2d
SHA1 dfa3d4deaba6f8dfd4324d29d3ca2fc159a76af2
SHA256 5b747c16df8bee8f42a967aa82f4aa3fc8d4485dd678e7329650eb5dd189b48c
SHA512 9bfec3ab380ae30a8ebc8da93060ef0011695e193c7d4ef05d33fce752dcc59a97dbbe1666f1f16a33c55dbea34ee5e00390a10d2c8ea935ef9960e303261995

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

MD5 64aa70d31af7e57e62de8476f26bf0a8
SHA1 3d80263e1d493d3bdd5a5a441c79e3e355b0325f
SHA256 f3d91dca1f4665bc852942848fd660e589f952961d041c2fd61fa1a3c294655d
SHA512 397bf1251bd3367e187135dcbeafeb2075c93ba5d93ce4d7ddd562dd9a5dd9c97087b2a9eb2976b6d2783b8b4d3d4fa3be42eb77f0d7d41c6b5a49c3aed1dd09

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\81F611A46CC47CB341A0E6978FD9E4BF0915EEC6

MD5 82bb9cab29d2cecf327a87ad9cfa72f8
SHA1 3fd3a069cb57a05ef7f7b6defc88feb5567c0b24
SHA256 401a063d1692498499ffdc6d35ec0ad6fe42a5d79c63106ad644053c4cd832af
SHA512 515a907842b7a44b43f8fe95bd5236f4226a83ef95bb5366d25f18d7ba6493819bbe2b3f60192b1921ec9aebaab41ff829959aaea44b22358b3fc9c8981a96c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\1E3866B584D906DD8CB8840AB2070142E2DEA38A

MD5 448d01a694eb9b88cf835950890cbdba
SHA1 477c67aadb45ac6eb0daa80ab81aa6034c33b2dd
SHA256 abb9fbf6095c71108f1ec6578359834ec0530e4a0371a82101d34a1534db379d
SHA512 8d9686a3959dfac02500b29724dceaa8346899bebec0e27f5f5e6702d61e6b97c2f1a17cbdc605c10a5c3f64a1a89ccf732679d0f6adbb4e357ca189a3542796

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\4FDA145388BCC5CA8EB0A879437DE01B0B0A573B

MD5 90321879a661ab0b0108aaada662de00
SHA1 4380917e7093fca73f0d5e40a0456ef442a58cea
SHA256 21a2c5ba51552663b9e7fea76e0444a3d2d836ba85ac8259d7d13448fc078d92
SHA512 d0e26478e65d31657abe4d6ab44a8a01f5860a7fef715d8097d4414dd6c7322e2bcd6857b56461030bb8338415bd8b3bb47faedb17eeac80cc6a3bf5c53733a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\14E2D2979892E3C2DF302AC4DA8C69EBA2322A65

MD5 e1077b2ed34ebea689d7dc31246b7e33
SHA1 685079311e0a778f6b6544b9191afe8607b409bc
SHA256 af4ae892087cc29f8c1124a146edd3826a3914d709db85c243cddfea11c8831d
SHA512 424bf00c621394b10588f56503a3422815ff1c4c466b25969afafa6a498d094580f2f73c8c44dbbe98c61badcacf642eb5bf912b83c0b47e734c3c3657a734fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\xulstore.json

MD5 1995825c748914809df775643764920f
SHA1 55c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA256 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512 c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\targeting.snapshot.json

MD5 6105849b0790a29982f66b6f0efa01bf
SHA1 aa1030b33cd29bbdf9a60cc38811d832d961b85f
SHA256 3834e39ac8c28028b976afc12cce6babe2086a06f264e52675f9ab3ed531f1c7
SHA512 57e4f6bb5ab5847fa5ad69e8fc476883b7f0201da34d828816b4ec0bc22631c5a94da22ca3b9422040cf45ba3f306fd9b8d6c2831f1d6f4fde88173cdd2c2668

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\5F07B74E63CD9C642F80A10EA17EC626CC84BD97

MD5 fd5f1e7af3ee740dae4d6e6d576369a8
SHA1 c5cb96306c35e8bfa04617bc59ca50849e437d4b
SHA256 33e3d387deded43874f6bd79c35e729ab71dcfaa78edffed057299d4504e9037
SHA512 df63f49f0fa2e210fdaa24a4fbd8ff219532a774727c01cde3785c6ce688345e51ea353ef24e41d93aff2d974df7be05d71d0262ec566742acb37ac0cd285c12

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\8E852988EC2FE1F308B8D5A45B53B3995EC46E9C

MD5 5d9d8946cd4685562738634335301bdf
SHA1 5912bd836d112e697ec2a2aedca1b22cbc28cb48
SHA256 59c7202e013e6034260d4e908c2c4b402b671f10fa345fe3e8abbdd0ae9bd979
SHA512 d294da12d6daf7eaa54c86e9502222dcaa8a22e94d7baa22a859e06f618e0d9c0593a95a99b89a6466cbee0f19c1fab619126543272796e091528653d42ad720

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\6AFA5993FE2305ED0FD62F43A9B3987E5CA7ABE1

MD5 e4eb8b162ac09ad05495e8d5d4c33f2b
SHA1 5a8cbcf6e1031d9586cba59331cbd41e81fedbe0
SHA256 3839f663424925d4a5ec2a9599b4c3c3927792e2d18cfbd4dc267b21fdbfe78c
SHA512 64259b2e8b0281ef91dd2a0b76ea10f1ba4071b1126aa685c1d34af32f5924d97c411c97f5c5d8efba59edfafbe38570bc7114b320a0c5abfa3c9648143e4cc6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\4F9E4FEE65B341A559A6F259B1AFCF2F24D5E56F

MD5 1f108dc747c48a9e7810e4f63a6ca907
SHA1 457afadf71edb50ec0ec34ad0bbe85b05def0806
SHA256 be904aa1a6e9fc5bc9348bd61467d4955880cd98261c34640b3c32ac2e306e31
SHA512 363329cd8d391fa4772be240cdbf87bcf96ec51211ef31e193ba63cdf986120ab5aadd5e62b0d3b8497fea36e3aceb7a9b22e40e5349a0e4d9fce5dbbc0f192e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\08C32D0A9269BA5922EC288E145F271E370A1E99

MD5 62280d0eb31fbe9648df17441e0dce5b
SHA1 8df35e515b1998785ccc834d6db0b70f63229483
SHA256 95b6989a6c08fc106e646954f3aabcc44086f1713bc8b19788534fd36e5986e8
SHA512 37ff477487edac31a3a0572906653b45f79fc7d7d83d8008968b067e951f256385c196f0bcff0d02b45c9902e9cf92cb87829389b6712e1b6ad7faeb81a2f2b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\FE1F5B94E735CF25E43C634E82ECB06C772BE012

MD5 56f0890026398dbfeb4bc706d55abac1
SHA1 6de67ccfb312cabca320488ee1a9bd14c8942175
SHA256 f3346d9115d6837f102a3bcd0431dd3c468d2530b51cfa10cc176668c3ca90f2
SHA512 d35245873b538cb4f5fca9d09413c5ba19c870cbdf51c6c218e4ca1fd4701936f5b611aa4a6806e158d223c10cb808f8af5ec74a8fb038e16798ecb7a547de3d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B0868FD27511481547E3D8FC2314D62E615F9439

MD5 c16a6e23004da740fc9efa12f7bc190c
SHA1 0d44ec6093304edcefbd852b82c4414dd53f57b1
SHA256 0129f0283eeb1bcd347572d16f0263339075fd41624a5e6cdc43a6e3ecb67cd3
SHA512 1974e3f26812bd3d7d56826c9172338e663f8ce95666a7174d910dcfe4dce7a7cf5e8869b7907ad1562ba6d05790ecc1c97b142819ee2c0096a7dc4e4279f4bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\EE2EC7D386BC5812E48FF99FE3F549F31F5BA813

MD5 d2a7dae3c71b0f1fd99c7709330f0a4d
SHA1 a1ab709b9dadc2ec20995b2a3f3eabf1cd46690b
SHA256 7e186c1849a30987b6a130f5154157f15bf5bfc037a1f601f63db7d3024ff5b0
SHA512 a66be06dfb47bc44d52f0afd4d3ccbdc7ee23f7f4528f38b14d40248ebf49e09d16df1b2801196d12b9a59868a942d55c31d3855b07306d3082507a3cc130a57

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\F54CF67C8A467883BA16CA1C6B51702F39B3D61A

MD5 31b0df7bdbf0cd254ff8b3169d3a78b8
SHA1 50f640d9c3a1909d78392cd0fa795d3b89eb5366
SHA256 b1c4f852cbf743320fab3c8ca0458a042d86647e76c9d1d77e101538d7a41b84
SHA512 ac49ca2395f1a8d2ec4896f09382431c0e796f66ca031900c3a03983af9b7b4bb10b5acba3b31312400afe7b7b5ffa12b6b8df8821da6a7a20a71a094cc4674b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\8F217E5E83E9F39889833807B401870489588B94

MD5 2415b5049a1551fcfb5f2076640fd21b
SHA1 6f77cb578bbd03f686ab80d798d36b80ce56067f
SHA256 8bcf4e18bb2def3d9b14f3232f65697d45e3576c8e07f6219d303a345111e373
SHA512 54e3a7fa8737e7aa68ddc6c073b870b0d37589068319956a69d40618ab228fbde1765d6bdbedcf033e3d146b5b1f43f9b7f2a120a6d0145541c0cf9c0dd1f641

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\22DCD43523E3BCF77BCE3E366183AF02D486B2B8

MD5 94e07ef9d330386799d2e069701ef2ac
SHA1 fb5236eb9e5d96a0e30b3ad92c16f2e6c3f99e30
SHA256 c18dd7a931d860e74da960c91b9fc01ad026bf05b2709ed4171ee0c4826da472
SHA512 e008fc50454fd519d15dfe317bfdd0520bf219383d8d455ba214b5ca9ca2613ede27c1433b0d355e6680b5e4195a5ea712440ccfc7845003fb206a4cf9a9cc99

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\3368A773D127E0B0A21FA7D31531A7C56C2A0C43

MD5 2fcd6641d168bad7814c4787aefcd9ef
SHA1 73ef7ebb4f296db2a0cbdd8002e14a48cf877b36
SHA256 0c7b344c3f2151e60b1bb67a3beaf8569853739771c8e496be26440a10783a57
SHA512 25a89cde9b1cf5358ff5c1b93f799d2bdff711a7e9a2e7155da06080174b77cc47c1aa87453edcc7037043a8821ba6f4d42d838db7c50a24057f14762a1f99fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\CDF3FEC4E0EEC18F2087C67EF16ECBE69FB8AED9

MD5 68a9a432cf413ade8188adee83908093
SHA1 95a61ea1c641a2fe7d5e764a34749095554731dd
SHA256 3ab7ac86e2a6e17ebe6ce3a86f926bd8e48155b541121967a76adb75a1a6d25b
SHA512 788cc971a528802cdf9844cc42438df1fdfe555491476e0a21c5aa04e125705f1e0def9c265576d77673e165c9779710e877198b0c1edb77870dc3ea806cc8a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\DC990C2E9B8378070C100B26A893DB305F84C5FA

MD5 4ff7d8928f5f4201a9b42b915b8c04ff
SHA1 0ddc0b4c4b33f2e492774bd448968b04578092fa
SHA256 8237fbab263c3d554c5ce7d315154822a39dddd8f40ae5dc710b660ec71d53e4
SHA512 34573bd7abb8934ec53c0f5e1ffc1447fb3a1d725955380b5026e19e9cb42a03efb683d0c3c3e79d604995bb3bb99c8a516507d1d4f9b0ef1aa4db3417be35f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\40EE86962A167F85FF635E63C180D94A8BE50B96

MD5 f20f9656d979bb0fd8b88aaf26632f08
SHA1 24d494727104f26321d45017d467562000f9d626
SHA256 4ab9993cc65b9cd7762c2fd2b61928c4d1f477e467724fc85f039473473305e2
SHA512 1e86d4db7d0df016ef1961f7001e4e0a27d5dcdd67eafa090baa5139d99911449c840c98fba20262a2a12796c46dcb6e7dddfaf901da6b181801c69cadbe7c08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\14FF324BEE8F75081FE9C38BDD3C16ACD05B921B

MD5 78a27a10a1854b41e048e6e4c9f66f16
SHA1 b394c09856bf7a4915b4a8c352fe78c5b827d411
SHA256 ca3d074574346c5d42435d909da22cd88a162dd47c6b6580e2c12131f3bd405a
SHA512 520aa88a871d51c78c9e9d030765116012ec78be152526455424665cef393cd644b0f9d29997f5044187e5d05911acaa86264199e6d94fd958fcfeb3c4ba1b81

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\3D2EE65213655611AE063776EA786EF2A8F7901B

MD5 6a34506dfd2d0e4f2004e37619b96980
SHA1 5cec9948c3e4df3f88a0caedd1621571cf9fc0a1
SHA256 ed1ee36d4f99d00bebbdcd86bb202b581515410aca5e880d32407ca8e54b5311
SHA512 298f89a5508a45cebc1e3e181c4931f2a6cd41b592ddcef1ff75f3d1c7c9d94b2e3e5a1429b41f47bea1d0a622d49099fbe8d841ed278f018f1cc84d9dce75ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\3ADEBC46DAEA2D77E1DF4B4AB6C524084F97786F

MD5 ffc95796d1dc7d3791209616e420b904
SHA1 7b14e608d62981d68aa098300d469028966a73b6
SHA256 3138aef02f9fc728a2d4d4ea465868f0b27bab15d2b5ab6f17484022645dd128
SHA512 2c29e35e3f5c1b8d5045bdfe6f3ec5b67337d41fcc1c9f436217d2ba7ceaf088e3f951235456b94caba43bf50b44db6f959be9c9dcbeb8233fec8a3cbfd2eb04

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\1FF9FC80CF39083D96E02A745517FF30CC74D1A1

MD5 80dc3623cf27f8e255b96178284d8936
SHA1 100ce2d5781b120dcada799be9652f74ff90cecf
SHA256 7d10da4a78aabe7e9ec1bd4aa2b8321084495241053be96729d2d96534bd32ca
SHA512 16ec1ca581bee19ecce4aa69a6551d930ec3d61d2edd3b3b3d38fa654530e883afd83a4f61ecd54aa4f8a38b28cd8ad336046ca6f27c8462bba7acfc9e8c907e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\C3D6E7D6E6858F8C96CCE419A9664E45BD4AEE98

MD5 cff74f50aee79e852263e868a463570d
SHA1 a29ac577ccee0a3a4a65b93f31ca5c738a9a1778
SHA256 ac80aefa6cffddbbca5efac521948787bae84ef04517263e7140873eaf939e4b
SHA512 e32145872cd3cf34eace2e77a7cd35edec70d96fd4f2453ef359db5afba09f37475b03fea35f2bd388d45f9007cf6cfa97e0812aa89a8c36ae778c48cc27815f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\F296CC0CB1185C9A281664B8D8A74F6FD9F1BBC5

MD5 a860848e6f6012286484a57de9fc5d6c
SHA1 91d2e54f384af2d6ff904884688b21d539ffb09d
SHA256 62cf20f109ab101c9434f0f1fe524543c5e2e8e50507c12ee45c1ec3a9a35b72
SHA512 204b3f08e6c0f2a0097699e70d1eae5ec58dc6d0e34fe3aae23997c84f81db98563f4b21021025f46f0ce1eca6af151afcb3ce1223c8d9735c11dd0ad0b9974c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\2550FDABB65ABC15BB2125D4F45E26670CEF2375

MD5 6efe3a2d2ebb6fe19342833553ef51fd
SHA1 52a4552768923a0fc737079523ace02c0519c468
SHA256 72350152e97edd6e8b567aa4c7838c69320eb6d0e63fca3df78c1658d3c6e146
SHA512 0f38b7e2577e8b90df22b29454ddf056081a43cc3fabd881e6c3e933e886089c18532c0a989c35c4530704562be55e2650fc01069cdb3105430fd44af63a880e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\E5B3040FE954960C4AE937961B172D33F8A49F51

MD5 78b6483828b89206fee53f9c903c05d4
SHA1 ac187e61573249564e20549d6713dc5f357188d2
SHA256 cac0badda5a45d8ce50620fbfe4fe71fe2c922bdf5a2272f7e601477993ab0bd
SHA512 b3c4f484b72f6b95ac7f6a5264c42944bbc55607c8b29993280de7a80f0dc557e73293e11d69d8fc00e80ca04f053988166b48bb0d972001039ecaa7527ce05b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\7D140FC8B10FA0CFC53F8E57E0114852088512C9

MD5 14898d083716783a3828010e5e38e516
SHA1 17e5b712517a5e09b3f87fe5da1f8bbf270e4b87
SHA256 422244bb93533e77e80566db3d11b05d14bd00d44afe6ad47c6f340234a6fa0a
SHA512 3e8b96436d3b39de5b604af4cc9653f67a2d14e7515e0af23b9196582faf07bb7cf12cbeace41d6f2b14b1f3943b2b6024c5e26f31bfdbdca01e42737bac05a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B3E448A876B34E821E365527D2AECCA735441C98

MD5 742252ddbe8ba6e4c8381a219c3d7797
SHA1 91958967aaa711056588345bdd46344730178533
SHA256 3b668f7843830b642493318fff0b987726bffa7f280821aba2ccdac6c6f9503f
SHA512 bc3f5ee29f9efaaa88585dccd76b1d5ef1f723f419c675016a695e166525fcac07c4eab019f321df5889d54d4cd25701063f2e1e29d4952db22c745bddebb255

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\2965A34A6840D5D6EE6F7501F96C7853A99885AC

MD5 cdd6d18ab98ab048cab06c3bed162081
SHA1 c64cf4ee8fbeaef1a91721c1229a24d1bda6f193
SHA256 cb65f0486ac0597ab74a347e934093e965ec77852491c66190eb838ac937fe74
SHA512 b03c67f6e88ad83f9cec88fd9109887c5a862ab32e2638c037641c20ac5c0a5afed376e390080a97d38637368b2a2d0e35427d689f5bddf572a2e132e20b1eb6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\48614B6BB9D208B93EB55FACE83B7D860638380B

MD5 280e5a7fe986dcaaea834230e495486c
SHA1 a300fc0713338102f0835acc659476120e585ef3
SHA256 be1ae82ddb0f2bfce8539f8377c1ba1d3912382ca60528635212a652fc7f2e99
SHA512 97117b812cba3e0c3452acbf8b01d369566d5f240127d5924304bf8368219bcf50177935bbe7e218af56ae2a10383fa0b0153e682b5a4b94241f16e3a66d64bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\09444BD0D61BB42233E6BE4E25328A8102578DB7

MD5 ae4eceee2cc03e673f71265ec6d27381
SHA1 b59aa04674828cf34d0fc86f27fa000893e7c3d0
SHA256 de992c2b3d67dc51c8ca12b73dfd148066b3b6cdea94503e47dc33a8559e132f
SHA512 4e2c856c72d28ea2caf6e1df8cc03af2af8797600b8f2d395a1a6562546937df772caf74ed4a6f70d6d530ec9129088b32d8af64d23311a1cd5e3fa90ce01a8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\0749EB9701150767FCDD1996E925D85763F42DBC

MD5 af903408123f08e66abc7bc660b14dd4
SHA1 8010dbfad3bd170f34ee6ec795c33f514d904d41
SHA256 16fc95a05093e6f64232ad110e3df7b911828c544054b6c8515645b1928a1d66
SHA512 e113fae01a5ae46a8e381c63211f483c31f4c1a1c737bb51d8a233c2faf66ddb9a1d15e09f5d2e70c4fe48b6ae869fd126d92fa0071d8fb84b7a3b46943051a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\FA94356C059072B3C227C035241482B2520FA502

MD5 eb4477ffff5d22409c3936b3a4ad83e6
SHA1 733af12af2cf9191a886cdf23acf8b22198e5211
SHA256 acea33d889529c3222f1916a4a434971047218da82d5827b5fecfdbdb5797ec0
SHA512 19b2b3a2110037c51bc3e70c259fe9361cd24e1f1eccd401abcab8b1cdbe30d1d87ec4db410cedc4e82db1cd36a2497c024bc468f7e9f14a875bae78b5e748e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\3206D2EA08342BCB9ECF9584DA158B007134AF6D

MD5 d1d69d829cab20e0612c65a386af5e7d
SHA1 629ae816672e6d17713fa6fcec9495d59956a609
SHA256 6f02d5bf31886ee05f0e95229b086aa884353aa07aeebc18a149cce98f4dbe10
SHA512 e56623035993fadb9afc932344f88fdf6ce2d43c328850427983f3077b91d62df6b00f209cb8ec722cf714d5564b5e6ec0ece51c16c7bacd55739cacfab1fdc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B20635A9E3239966DF1AF8702BD403FE7FB90005

MD5 42b99591f8ac5f83d3b1c3afe79e1c9c
SHA1 d670c17ba94bd19e67216f0512e61495ac0c06b5
SHA256 76f220ef8c58f12eba8675532a8dfb62303be78f8ebbca29b642723f014cc827
SHA512 5d8d41181b60724e2e654e7b929cbb3b763325be236c510d1b36fb5e9329e54892780abe09a7504ef6523996f3e8f84288b15e7e0758814364e0ee4a7a8a209f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 ccea104383707b38ee2c5f46d6960421
SHA1 03fe2a908f84f87b673b644c305cc228f2e4ea46
SHA256 dc56b42214e63b8c9b5776d4d2e376f7688bd8964730c18da3760f131c83c967
SHA512 a42344c94664feb460c797624439dd8af9536d0f204942cfd710b1a5d098c4163b893787d924cb3310205b570b3a2e9739fd82f135b68e41a458448ffc11a9e6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\BEE0923BB88504499A3AFAF3BF80F6C9CE01F868

MD5 d35c9848ac945e67024f7061b430549e
SHA1 7e9f3f01894f375eccf168f5a42f0d560ca5cacf
SHA256 ff870e9d31ffad5e6632c2953fa5bcb9fd989677b656392b815cf58c64d69917
SHA512 7aa287abc8593ee644f24313c0e69fcf90e5e20aa00a022f9c18e330e4bf93431a9316fa005722cb1e8edca2980fb1da4eaa9dbefc14c7f44860ebc067d7eb36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\3453A4706449E16AFA8B39DC0961BDD851D3CC78

MD5 475d4b0fcebbc501b9c966cbe95809e6
SHA1 1659fb5074e51f67a27c63c0f840aad3759c9bab
SHA256 fa7f99a4454cf44ee3b0bc9f2f897c49430a9788986fcbe51ee6fc86f4bf4c38
SHA512 75afa1c04e3632d6332f68ec72e3eeca16c80fa4889e954adf633b83cfcb9df0f505c381838b812ff749c4eb7c944ff7e06b7be16828bdf9fb235166b5180c52

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\2A3BCCFB997FB8DF06ABE885C569CBE556AD65B6

MD5 809e595e980a69621639a28e2bd01cbf
SHA1 75a23601ca9f64b573b40ffa4fe91572e2e91484
SHA256 61c0619aecf95b832a0e3c216da7f3d9cb37b20811ca7233afbb0661589de76b
SHA512 12258f5db93129a571f982a9275bcf7ef5bf0e914570908b2fd5e283acdec3620e64d3b752640f4cd399515e44cc40bde83efb61cf900be50d38fb3729fcd055

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00

MD5 e454d48d91e46a5e839d8cb00d7a6523
SHA1 8169a9efa071ad4a815fe5e99c372b1de9461e9b
SHA256 a0f1304acf523ce5c55005fa505dbc5e7be64e8f072b46fdad7d52f5ad7419df
SHA512 a9a7fb88ef8968f9c52dd0155da07d9a0726a8656bb4d24fe190977b50716b2fb5532349b4e082bd36b710a5aba89e30a5ceff514f2b5093734a5853cd1f9d09

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 6ed2cb9936df43b333c8a93b1c035d36
SHA1 16cc06bc4ea6fe0a90606284cefa1299a5801c52
SHA256 cd037c1821db3473feffcd8802e4c2ffef6d38805b9adf0330de98da90f96fc8
SHA512 90f1370a0a497707affe4bf347f1d317557165fa3dad674908d089a9f37e7db027648163723f8ba8026c47d7198c0d56644c67bf6b8a2480f2e46cb183d466db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\97AE667565B6120DDEBF42730CC21468FE5AC36E

MD5 88bad1ccf65cfffd3a4c5ee349987ae1
SHA1 dc5d49e259885889f9d089a5ea468fb35cb060e9
SHA256 2664645b07fc436a9cf6590dcabc8055384971f296fc4b51b253f21c442b78e2
SHA512 5268e7f284b815b9c64a4fc6d91267491548bc8dd2dbdfe37136f0bfaaa16471852eabe0aaf48ab5ac0d8688ed9d64218c7019635a5f072ff5cff2891848c0d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\552D7E776EF97053734643ADC0C74EEAE5E0BE4C

MD5 ee7955ed50b140e74fd493dc9e53a038
SHA1 e654897e89fc8e95c525e009f19f53128ce35378
SHA256 49564e17ce897e9b6cbd70d55e5a83c123b63ebc0153122ce726759aeccef39d
SHA512 e16c9d9ca8ff50ca7e2b0cc4381229773b1d37a4cecc15d159ee19d9d91e48911fe9bdaa02fd5a763eef99769c6dc6ae5396ccc3a38ba83fdf6a8af75009d52b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

MD5 002473f64ad619119cfc37000a52d31a
SHA1 c066fe0f81ef51f671e922c2a80064e4601401ae
SHA256 e6ef13cb5c5922ad467333e592fbbb472ce75416603d28dc9aed4aa5347d11f8
SHA512 8d94c798bc51847d523dec701c1560f2f97c008bf577820707966da2974f7e02f2a5d0e594787c0be45b2d3ca031a3bb987c9093f509e7ce091b09ed5b114068

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 6884dbddcfbeee1d15236fd23818c9bd
SHA1 b79f79ff702f9838de15f0ed57e05c8e2db0aa01
SHA256 2003bd17170c0a2b2231e5eb2f5e6680ca2ed6224626235d13eb8354733fba2e
SHA512 299cc41dfad102d1d05a42c3b50e67360e30219d75063370fb18beed1d6c27eb318c784a716b1589726b9620c8210338c3ebeb7d3df0e3d827bdfb55b2b04805

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\DCC7FB835C6936E595F9B4F680D5035B83C92405

MD5 65004a58d9e50604393e39e0fb706e5e
SHA1 851c7cfee69f104d5c84729429307ff352b618e7
SHA256 5eaa85fef96652cce8a58127b9ad9ee74060db8f7333d7fbc1615c009faa07b6
SHA512 aa9c73fbb65a7a5f54a058678e6e79ab68d3166ae94f232c960457b45b4938bc129ad742084c83e31adbb74ca6b61ca230503fd60404465ef173d6eaa95ec236

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 3323a1021ee280a271ed3d6c868cb33d
SHA1 ef6722781a6ef1d219a2223fe0cc922288e8ce46
SHA256 039c07eb1595dd4952cd6c9460daa30b2e9f10161c1c36355dd7a2ff83b0346f
SHA512 869789dd39d83982c28263a2080454ac690eda08f0cddafcc7a8605f63b4ecbd04709b3aa88d02801a2b6bc371e55e281f4f18573a03f3d6d84770611e5fe875

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

MD5 bf73024d7f4104b11ba0fe71774f1152
SHA1 2e32052f483e057b163b82e4d3adafd4f9f77e99
SHA256 5b3a330cb8130cb6495b4fb7fb9d4574249f45fc83fe61177a714ada84396e2d
SHA512 2542dba6618be10bbf1ffebfb37583e02831ab3959fc79a847de9256137050f6c893299f99e667015eb4745b1d701153107bdd541ca81add52fcc1f6356eb6b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 38025e4b2117d995ed1f8dbde39691d9
SHA1 e6bf53eae73f51d5fddf02594a17ab84134dd9ae
SHA256 b1227262244b6115343cb10ffb4aa6c4def4b5766562ed35b20f02cec4988ada
SHA512 5c38854c74e938a6cebb975081d822ae5a301fd55c1fd2d161511d75c29d2599ce7d681d8992e99d8f19be2ba23dc01f628a77b91ef7dc6e04a1c3a87ed51bce

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 43d8a56b3456aa0cc65b278f7ee6372e
SHA1 317a9b4a4330fd3d001b1e4c7efacf3f153558fd
SHA256 5f9a2cb4b9d41f5b61b0b5e4672a2b3f567460a5227c33dc32cd3a7abd62da4b
SHA512 38747f0d22ec2da8d74e8cbed8264e9bcb90934eb881d502cc2889e81b27d847479e6bf8d27b0f668847b639c1b5de825e2ed34bc6bc7b8e9b05115e21c21d83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\bookmarkbackups\bookmarks-2024-02-15.jsonlz4.tmp

MD5 0e62dd9fc763dea539fcca65a9951baf
SHA1 1dfb9c248e3c9669899fcab87c465c36cfb7779a
SHA256 2cd76503ade56e37f2d997f73f19ac1b156cd3493ee7f33c4887949b4d51cfe3
SHA512 1c0a4be5f18271d4e3c175581a1b09451d974a72b3a249fab3c7742abfba55c90a26393ec0c7b787ac09bf37fb206f5a7b4977c797ad60bdb7dd2e79f3f3ab18