Malware Analysis Report

2024-11-16 15:47

Sample ID 240219-rlpyjsed89
Target 80f5f062bb7cce972a6e49035ffde4af.exe
SHA256 3ed356b88af2907fcad812a2ca7fb093f31d6f14e5e54889215a60d913627f8a
Tags google phishing
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 80f5f062bb7cce972a6e49035ffde4af.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Modifies data under HKEY_USERS

Analysis: static1

Detonation Overview

Reported

2024-02-19 14:17

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 14:17

Reported

2024-02-19 14:19

Platform

win7-20231215-en

Max time kernel

45s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ce166b3e63da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92C214A1-CF31-11EE-AD08-DED0D00124D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92BD51E1-CF31-11EE-AD08-DED0D00124D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2880 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2880 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2756 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2756 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2756 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2756 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3036 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3036 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3036 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3036 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1528 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1528 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1528 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1528 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2304 wrote to memory of 2512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2304 wrote to memory of 2512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2304 wrote to memory of 2512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2880 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2880 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2880 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2880 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2468 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe

"C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66e9758,0x7fef66e9768,0x7fef66e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef66e9758,0x7fef66e9768,0x7fef66e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef66e9758,0x7fef66e9768,0x7fef66e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.0.1803346329\907442654" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1208 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43b441fe-bac1-445d-a694-0de059d80bf9} 920 "\\.\pipe\gecko-crash-server-pipe.920" 1344 104d9858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.1.197712228\811987072" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11c1ff9-856a-4a2a-b5a8-7e2a38d94d5b} 920 "\\.\pipe\gecko-crash-server-pipe.920" 1552 f6ebe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.2.52917205\293687383" -childID 1 -isForBrowser -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e660f24-5af6-4863-951c-f0bbef7b7326} 920 "\\.\pipe\gecko-crash-server-pipe.920" 2136 1a091858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2036 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2044 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2116 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1400,i,13760844712881706046,12574673198526188259,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 --field-trial-handle=1400,i,13760844712881706046,12574673198526188259,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1380,i,3479717771878684022,8215923970515793012,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 --field-trial-handle=1380,i,3479717771878684022,8215923970515793012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2820 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.3.1983560388\247837621" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eb4ce0a-c906-49a5-bce1-5f68fa1cf4ac} 920 "\\.\pipe\gecko-crash-server-pipe.920" 652 e61858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.4.1949928325\1574438943" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3216 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ca4dd56-9170-4797-9be4-4756088b9c10} 920 "\\.\pipe\gecko-crash-server-pipe.920" 3768 1d379d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.5.1370138947\637380482" -childID 4 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e7e2ee3-16af-47f6-ab50-5d7bee40ffbf} 920 "\\.\pipe\gecko-crash-server-pipe.920" 3932 1d37ac58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3376 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.6.1972666017\1921326126" -childID 5 -isForBrowser -prefsHandle 3436 -prefMapHandle 3444 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fee12ae6-24ca-47e1-9dce-7cea4c122683} 920 "\\.\pipe\gecko-crash-server-pipe.920" 3404 1b1acb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.7.1813044175\1649060029" -childID 6 -isForBrowser -prefsHandle 4276 -prefMapHandle 4280 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b849c701-f608-41c3-871c-eaabaffebf1e} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4264 20dc3f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.8.318655745\1140732184" -childID 7 -isForBrowser -prefsHandle 4444 -prefMapHandle 4448 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bc436ea-c605-44aa-b754-96940178b7f6} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4432 20dc4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.9.749748038\83711792" -parentBuildID 20221007134813 -prefsHandle 1948 -prefMapHandle 1936 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6349d43a-d92b-41f1-96a1-c5dd635db55c} 920 "\\.\pipe\gecko-crash-server-pipe.920" 3388 1b1a9b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.10.1595945505\429283329" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3572 -prefMapHandle 3564 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f10f80-69e1-4f45-a758-2cbf5bc68881} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4316 1b1aaa58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4032 --field-trial-handle=1288,i,3711595403118076938,16648849408965531548,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.11.457983221\1292263477" -childID 8 -isForBrowser -prefsHandle 4764 -prefMapHandle 4752 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a084247d-3096-40cd-85f2-5c29d0f921b3} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4776 1e71c558 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
DE 216.58.206.35:443 beacons.gvt2.com tcp
GB 216.58.212.195:443 beacons3.gvt2.com tcp
GB 216.58.212.195:443 beacons3.gvt2.com udp
DE 216.58.206.35:443 beacons.gvt2.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp

Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 95b61d7516b28c8be49ccd85cc5d36bb
SHA1 d386d397109806ada27c948100a53f0ada42366d
SHA256 3cd467a73abeb9ea01f2f7e8e1e3035575aa4c55bcf95e3eefe198f808e4583d
SHA512 6de664701d4ee2af5b07a868d76ef040f1813158a084ab2b7c1ece349e3d222b67cc7d1e9cede1eddd3c91e6082b964c88f7746645234e3edc77702edb6cfa32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 31b922c698bf4694be76fd3ad28fdd78
SHA1 a423f07fd4979e3a2a86c0c91ddc7ba2bbfd9028
SHA256 e78f6781196c7091eaa938b6a42b9e2043a8ef8769968e2d91c5c75ea9b927a1
SHA512 f8694b094e5551a0b3aa6cffaae530f08545aba4335ff50876bfad20c574c8d1c4c470c93e0fe3ba108e9f0096b9326850c7d7da418d9e2393cec103de66190c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5c89b76e92bb6af83e7b84679f0e220f
SHA1 1d7948c382877049b23d631f05d9d541e6c89bc3
SHA256 93cf5247041a09bc47b13728b2afd97e67ff7251ac1d0d67e31869419c2320d2
SHA512 dd5fd96050b73350b2deada3d53ef29f538a4c169e1008f0cbec283531bd8db96e509d6d7afc74815a99d90b13ad0f68d7ac97ea46c041d1ce60f3f9fdc87cd2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\60\{f58d5242-ae10-438e-bd12-6a476471e13c}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3deecf4aadbee3d05c32b792ae46e168
SHA1 3fdcb603fd1bece9444db3a8f9d2c01a7a6438ea
SHA256 199f46dc6562ec21eff850043bdc6117943b8456f8f157d99dac7b544cdc3c5a
SHA512 89775301dbc4c2dcebbade5dc8386e6be8e2eaf0186e462aa26c0e506a8c0dfc0c24c766c35a13529a1547e19592374b874efc964e5af5e7bccc440d41745eec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 254f98161508cb121b3ec6c6baa82be7
SHA1 6f432d41eafcce940391809acc0e5b644a9ed738
SHA256 3510a0eeaafe377bcbc22c5179aaf61feb2faad668ce4ca9a1855b1271e4981a
SHA512 cbb0c971447d27ec96d3b20404fcf0def97eb70cebb99b7c42096b1b878fcb7268fe68e6a7b1ca283738f9c282ec45e9de84d7b4fe9b184402ec278ed2113f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e5de448a900eb72ae831400bf3f94bba
SHA1 a1e646380fdf3dbae7fe10b22bae0cdaf75e6da2
SHA256 289079e2723f5817affeacb26ddac76155136e516061440c2d50fe255a9b3f34
SHA512 6a06c7b8ab5dd3e19a1ddfd6e5da1f489dff9f127a11a193467d236aa9739cb1fb693816322c042625797b7b3948ccabc17ba521064cf671286dc226d42ad00b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82186bc8f3a2cbf6c7a8d8a506e67a9a
SHA1 88f932d94db93bf59ed1783ec3b00a1dc4c6edd9
SHA256 9a16ed47d7d8d77a5b426fe022c6c6af392bbe95e1daaa803cdc29120adb698b
SHA512 da3866efa9b25e53daf345651c137d2485853e22fd0a560afe1b18585ed187ba4bb8e76b48be81d4476e7055e426974ce9a0553106a145b62f4fed9d30d77b15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2166d33c5ccda869b0c294b0a64f2d74
SHA1 43c3267e0870dd2e0891cacbbde72c1fc8130c7f
SHA256 137b05aa2fad24a2a2285c437f3deee93a8a5247b21ed6dcc4789f149a2fec41
SHA512 96bb2855c52fdac4ff16b44a12015c35a8e10788759ede810b9494afab0c8b3b6d781ae3293c2dcad3f290cbdfe48b9f68e0a1b5c0c7ec88e3dda98af0feccfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9de2e315742c390b1a39828cd6be3b9f
SHA1 c8676a742f106fecdfcdefac1985b6d13a68dd8d
SHA256 e02c8ea1d24c12275af615125849c3e2aec33e9970fe21aadbbfa89cfba9ad6e
SHA512 3c65ba75db42ac5261132d7dc87ca8c9b5a7fa7379a08368b8adf49a27fd388a1440c18592ca0d2198584d0c38c65808a7d578ea1f59b82c7640eb784f860ddf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6745471aae202bc3692eed979153f99
SHA1 38cf324ef76a9c0b5ef57baa930a8987b9250ea1
SHA256 9fd8e625f77142f6ae76522b6cfae4dea392cbcfe4d547bf1024555ca1dda523
SHA512 cdd00e21ccbab394ddb61c0e21559d8a0903435a45ce6b64d146cf3c8300817321763f9f0733cb50a147736e5695ced6f432f965c639801c423d89a0a128cdfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d8e0eae0be33b2db8e0358661c897c4
SHA1 ee350728282e619872c83f9c3994eb218a6d3c14
SHA256 cf46639b274807e165b7fc0b504818bcfdd86a3b89e114a03b0919bceb7b1f2a
SHA512 b99313f2f1eb065c2716c33ba10df205209aa94137e3060b1cc512c23b217e8ee4a22a6c5d4299dcd70b4128f5adecacc99d1b45eaffa192ead8120719c72b89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eaa0ef0c799249afcbbaf739e2b20888
SHA1 991617e082962494ee293b9938dcc48e614d658d
SHA256 4e0e64e08ea8607c6d8e5cf1cfb40c8d91c8e4f39e1a86bf0bc4e570d93b0d7b
SHA512 b0bde12a8165af683fe3b168f0b9aba03c17553667675d74ff9eae574d33e23b83591d3087b3bd44910fcb1c7fd5c0753c9ffab8326a2134fbad15822d4c01a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 aa1a655c0f43f0ce936c7d8a3d035f59
SHA1 32d15f71dac86bde4c0f96331a896df01082c85e
SHA256 91b780813a384eed80af3ae2ccec187193ee3b429488566144d2146568936cd2
SHA512 fe8b099624ded68dbcecf4514e8c0a0a079a5f072f8c86a0dbc45f79da56eb43068d2324c2a32e8dad919402059d667699169bcdc1d03295a068e0c7d7b7a2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e853b09a668ba83acabfb2ebc47fa93
SHA1 75807df5a2b3b928c70bcda515df35f4c682da37
SHA256 1777847b5944af8f24279046c4c1063caeb3aed6a927ff598f7b5176cb4f2922
SHA512 16e130eb34746ba895ceb0d7669674789f02fcc9b07df76e17be802d9fda48197e23cb50f2125d899709c45f0e496d765aa2c66f56bc14c16f7f4ce4f9ba3c3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c8e2683c010619cbacee662ea30fab22
SHA1 de3746fb3c410ecdd8a75b8a09a614bce76d39c8
SHA256 b1262f7394e2659302a2f46243ff9290c02da7be620e45849daf0c5617670869
SHA512 eb95512da148634102c351fabe9edf3135d55706aa56ed4b234ce2b87a8636c79eb5263ee240b6f89f035196d6694adf46ab18da363085ad440c4687d56a8e18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be4b584de6fd974cb520cb8b2d0ba0b5
SHA1 634cfe4938d981c6ebd97d32a88bd1d9ab8c9b13
SHA256 8ba2543f8744028617074efbed71b6d383815662fb01ca92b347e6ff4e2bbf4f
SHA512 5453754b73c09683325021d5452fa96d93c5db06447554c3492797f1dba76b43498a725f4d8668f944bf01f65b19c2485e52c25ba080a214c63d9a090b4be1b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb0fe36bf1d69a0ccca05e51c77d354e
SHA1 2624d03a97597e61dc1581e7863be92d0ebee885
SHA256 27bfa560bff63a232685f01344f539eccc0cec42d3cf49582430ff68f35447b7
SHA512 3b0ebd861ea183b813c51764c8205282c2a91a0e039bf1738288ccf61d65eae4d43c8ba69e75795bc657af203d0b1db3767d47f88f589fccc812220e8a63c79c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88348bb748367624c2ef62eadbe48466
SHA1 290b00396be9a81fcb657a64adfec3c043dfb73f
SHA256 9c94efe7106f85e168816b0cd89e1210943accb32a3f2686cd0885830cf62860
SHA512 29edd8ecfb8bdcae228ddbf366cdc3c66dd2be24e4a87591e0323c5598cbaa824f8549f93db4949e3020275417c1c1ccbfb05e7df07a8bf64760868a45396510

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 6b6aa7185f5fc722d3e697ce682d1184
SHA1 44b8dec29c775d2aa391d60098366b8896e338a8
SHA256 3f56d2479d8154c953edb5bd98ba85d784206c06a5c49d3388b2a43946ffb4ce
SHA512 6594d7f70e6525f01bf3bab8a3f2dd7fc9efa2294eac829b86e3a6032432bccd8dbf6062594dcea72225d85174ebf150e10d2de4bc2e1d6a9d0ebddc828236c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 476f5b0f65c20efedb726fd559c0b716
SHA1 af07344c9bdc5c99fbdaacb033f1a98ec9ae0bcd
SHA256 6b95f20fece1de7bbc1c0226b0ebb3cbdb988029dc934fc08dcb1392d68016af
SHA512 89579e2675352af2686c8d18c7e3b909aed12aa03e6878600928616ea98fce1eb0b602c2c3c42e2d5ad42852bfb18fc4cbacbd8c0cce04e20b440bfc3b42faf9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 227e7a67137c35a8ea115d8b2117ca68
SHA1 21ba19198c3eaea07b18bf8244ccb92d425e120e
SHA256 1bb95d4344ade03c3823b7a615e2ed5e415901abba9eedfcbdf1ae38d49dec50
SHA512 4a531eca4615b0fc61dabb62489fda6f063c41fa4af80d25c6e828a0116bb34addbc94ab990e05afccefde3048c068b5640aef0178c442dd87cb93c94ffb8bec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cff430fcfd7b92b1093983953ab06d1f
SHA1 36b2cf5c3a94e054dfc30d95e62b72ad674b9234
SHA256 d09b83610180ad45832e1e9fcabdbafdc738af870bcb8d36d21419d11fcb6e81
SHA512 693e0165923d4b82dedef0843bc1a033acaf7bcbde30a7aa5ae55cb76683158445ff283088c7ecfa3f570bc6042341a594f7816265bc36683301dacbe4cbdc20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 dc2d2ba176cc7dbf2b6f0abf6c60bd85
SHA1 81200a3c17a492be3da5a3312b528c5a4028c26d
SHA256 4f7f07ee1b66c3b5349cc9a37c531de9599372dfacba213ff51483def2649879
SHA512 05bc21a815f6faa24d2f163b093dd8ad4d2b441051c545604f89aeedbdd6f6e161413e60afec6902778535203b4489e60f8c2af737e55a6b31962812b7f47346

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f013fb668d14dbdf868b6c6c98b62d4
SHA1 c9fac246c0d28d14c7d8b1e26ce7761ca233d2fb
SHA256 2f9dbabaeccb5fb76aa4234d16958aed92e21e647aa6b1835d271f37c1cdb813
SHA512 4e27480a2feadcc95f35f717065cf2cedfcbc93056e51e541c33d0e5f22a2e07a64e0c0e4bad1b1bbc77daddb7c4600b63fbe32d1a4f3936b97b7a8fa0a633af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 34ef8aa4f85c0ae0858bf1fc6c28ff57
SHA1 08394e3f98b986336f06b2beb4bf84187ab8d483
SHA256 bb309ff5dc2476e29d9fcb14992ded97b608a51f8b877bc5cf1fed63b921e3f8
SHA512 12cf009acc08d6c721950c7dce6a844ed5c70d127f4b9376d8a692c1f3633ee2cf9d3053c022fecfe59b60bc6ae1716b990169442a51188eb91310489f2ee1d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\46121cbb-805a-4ad4-98c7-2bbc268083e6.tmp

MD5 3cf5d0b7fcd1cfacda499a0461c596ce
SHA1 01de0975b91367d22ce7dd611c02183f8c4e8d8c
SHA256 8a59f0207449ce53b8f3862c52fde24410c7dde81883de6167f2cb8b3f5760d5
SHA512 b3b51bda55b09a39707905ee82c978850dac1038152b197e0bba98b21308e2702db63a1ed4e6bc3bb12d7c768511f8217a102ca1c8fdfcf2ea955e28d13a36fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5f52bb313d33e4bc6b41c8d841cfcf75
SHA1 f872071c4df247e28efca3c2dfae570a3c2f4a74
SHA256 a7e3a028a614570286ce16d0d12f72f61dd849e30e88b4820f9a515c3cd2d2cc
SHA512 8e71c652c13809a2c4bba6ee566df171678b59bbdbc16825d6b7eedad96decb22bc0b61dda2b0bbba783aa002131f893ce99bf60c84a38217cf4588b81de9381

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2929076b92e09e21c21748ad3e453040
SHA1 3350072d168bbde90fa3538cdc2e53cae0aed57e
SHA256 a0d5902e9488ac7b21c82f60dcf8a84ce79265a402e7f163e26f861fb4eb9e56
SHA512 487b16548fd20de412805455e1294a6bb8b3ad8ea4928f5d774fd07bcd09cf1f77323d00a43402e0fc76ddb902a58d6ff506b06f475602a0e84a9ec28c6fb392

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7b03a30b2f22590bba2a2175fb61eda2
SHA1 8c6c09e3582062e17cf5a55233fe47026c7597b3
SHA256 2e471f81274bbb367ee3f6223581f6e9c2afbde213ac15ee91aa133c1672804b
SHA512 63200039d3fbb895bff34d1662440615c433c899298bf2c3bbfc73b8becd3ad2902fc1491abc69dfe4078befb9a705c1e826e53c3db6c2790645d95d7da101bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffc4c655dea3283cd1ec29b0d89c941d
SHA1 310e8bef19b0e4f89bd7239e86699c5129da732f
SHA256 49a977c2e08326fbf2b5cfa1ec5446885d789802c06e5e5af213960630a2d10f
SHA512 7ecbbae8c488c818e6713d20f40c09776f0e8c6a75a7cbfb7860fea218ba7c6e5dde7b50b17146f8afbbd1bc1c9651974cc16f898643115331f6c6bad372d49c

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 14:17

Reported

2024-02-19 14:19

Platform

win10v2004-20231215-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528258727342794" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{955146BC-6AEA-40B2-AB14-48D40F90E1DD} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4536 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 3272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4208 wrote to memory of 4108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2260 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3708 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1916 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4536 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4536 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4452 wrote to memory of 4804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4536 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1440 wrote to memory of 3476 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4536 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 412 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe

"C:\Users\Admin\AppData\Local\Temp\80f5f062bb7cce972a6e49035ffde4af.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffecc9d46f8,0x7ffecc9d4708,0x7ffecc9d4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecc5e9758,0x7ffecc5e9768,0x7ffecc5e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffecc5e9758,0x7ffecc5e9768,0x7ffecc5e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffecc5e9758,0x7ffecc5e9768,0x7ffecc5e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14003801891132148009,1181994186315977044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14003801891132148009,1181994186315977044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14857969644202809031,4489918939616094607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14857969644202809031,4489918939616094607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,4049943657946309999,17721452295550992173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,4049943657946309999,17721452295550992173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.0.1011255728\2070445263" -parentBuildID 20221007134813 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6159c7a-11fa-42dd-acdd-a0c7e6800a58} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 1940 1f55e0d6458 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18347914820176480815,6111275400617351708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,2953843630460671118,10418424373237751407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6826262274128854102,17402936709479270441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.1.2095317422\2115124062" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c098b7d-778f-47e5-8ea4-703a55810140} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 2416 1f55dffc358 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.2.810586247\1503728406" -childID 1 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {256d7160-9702-429c-9659-da8635c3dbe3} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 3668 1f561ec9558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.5.1926185269\1271603780" -childID 4 -isForBrowser -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e4c55f1-cf69-4b83-b682-0578a1feda9e} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4652 1f563d70258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.6.932588086\2024096060" -childID 5 -isForBrowser -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a058910f-b61b-493c-8b3b-1fecb2fd2cc4} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4680 1f564699858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4696 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.4.554426852\1911725386" -childID 3 -isForBrowser -prefsHandle 4168 -prefMapHandle 4176 -prefsLen 21766 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5ed812-12cb-4edb-8180-f36357611813} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4280 1f551867558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2000,i,3752444367756879912,13010507056089705279,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=2000,i,3752444367756879912,13010507056089705279,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3984 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3816 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.3.1800913394\392764783" -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3904 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cbd381e-60bb-4260-b7b8-729bf7382177} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 3984 1f55186cd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1972,i,8951328001234530823,5158463421149737074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1972,i,8951328001234530823,5158463421149737074,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4936 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.7.1179661715\541708684" -parentBuildID 20221007134813 -prefsHandle 5868 -prefMapHandle 5876 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fd28f19-9843-42c4-98c2-88a19e9067cb} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 5888 1f5644a6358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.8.1417192323\1136638264" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3968 -prefMapHandle 3028 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {148f65b1-03ab-413d-b840-5c4607d19c8a} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 2908 1f5644a5158 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.9.997491248\1199344423" -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6040 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25e249b1-1293-48b0-9e1e-57ffb96c614b} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 6048 1f5633d4958 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6368 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.10.665582061\1184843232" -childID 7 -isForBrowser -prefsHandle 4376 -prefMapHandle 5676 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efcee3d2-beac-4e87-9f93-accd627643c0} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4204 1f551862b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.11.2001232516\982525689" -childID 8 -isForBrowser -prefsHandle 6584 -prefMapHandle 3588 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcd45ca3-1777-4594-a26d-52e9141643b7} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 6268 1f551867b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.12.269595967\929161711" -childID 9 -isForBrowser -prefsHandle 6232 -prefMapHandle 6228 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee24962a-a006-4675-9ba8-fa6bc9a4bdc9} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 6292 1f55f46ae58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5619250360643507322,11724549812773587689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 --field-trial-handle=2016,i,13568798227666101428,11974863873688087170,131072 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b810b01c5f47e2b44bbdd46d6b9571de
SHA1 8e3d866cf56193ca92a9b74d1c0e4520b5a74fdc
SHA256 d1100cf9e4db12cc60cce6e0e2e3d9697e762c219f6068eb55a1390777bf4b45
SHA512 6bbf900b2f7614dd17aa6d5febe3ad1100851e2309ba2cd5219c5aa5af7bf830eec2cc88071d37987aa7e3f527b8df5b2d85e8b21b18fcb071baaab1a2eadae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 efc9c7501d0a6db520763baad1e05ce8
SHA1 60b5e190124b54ff7234bb2e36071d9c8db8545f
SHA256 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512 bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8ae25b226e0662d256cdb32f2777f840
SHA1 39594f82a6dd98b6e4a341648cd56e9efc6aa16e
SHA256 935b4cba7114f9adb0c7ae6acbc8903ec672ae318ac63c5d5e5edf857b4db207
SHA512 e529649b71c7a7fccaabc2833af3cbfc9bb15b66cc5735fc95a2bd741c502bd11af05853946d045a49d823e3f6899523d050fe7d33c485af5abccc8e2ca02e8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\LOCAL\crashpad_4208_OFWLNVULSRGJLXDC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eacf7c9bdbdbac015bcf1c85253fa202
SHA1 5576a5d4b74706e2b2d711a5d88916a3dc50deee
SHA256 7de09321f1c4f24326a9ab1d7126984c11f066275f432766e40a70ab294e1ff5
SHA512 4381d880c6902790f0da79a6e6544354dd10eb7bdfb01db467d649db1798043c143055493478c055eb4ffca8c9a91429ea054c33de8d58eda5cb3ad4c91ac957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9c7666f300cca53e03af9acdad4b1204
SHA1 2907ff134e4f2f250a09d45b56494602305fd8c6
SHA256 1fd358e9e546a95508d042c9ec9447d21ffc485ba50b89514fe0c97be90d0c0c
SHA512 8d5b306a3ccf9f9f4364c7f5bf4734cf0b459fa1fb0f4fcdf38ab953a053180cf0efa68e03c95bcc6c42d9cccc19bd3fc918c25412f20494a09a80af8542ee66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e8d8f687-ef06-4e42-adae-b0e7611a4658.tmp

MD5 223840887fcaee0ff89823a606675b81
SHA1 e3a00a6f851a08446be261bb53d38c3e2aa0f9d3
SHA256 d80e856f02736b855e05f02dbbec9badea2b0dad34b7890fcb6d672f80848156
SHA512 811b9ba9d93bc59359bc40a0d61064d193944c2a1a5ffb5ce7c071530e8fbfd009f6579db3038bb42036210529f0c1aa7dafa71e65631fe9c7bf4bbbb317b461

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfbbf333a15c220e8a14588bb26d08fc
SHA1 32a910f7e8d2964677bfa34b26055457039c9e4b
SHA256 0aee3cf1c8543f82663a1343981834d7fa2577b8e184a091f337a9644489bd65
SHA512 36bdcdee8a0e02fc4c2de5d251664f9089166cb8cb37435a5f4b231d10a2414c3c4692dd66c8c63c400d217ab595109b8b3c34f22c50d367c76c08b2dde1a936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d4ac84272586e2c7395f73645ff9d5de
SHA1 339fe3feba826f8a24232f7231a63edab2c6e182
SHA256 0c343e5e5e26ffc4d4c6c2c51f846405b679584ffec0b4139b63c9667abb587f
SHA512 12fbbfa7ba39c2c03773590d54ae221c267ad9afdf2a9eed50f3d02f7c9b9ffa5553aa59d2ca630f2657d6046e9c9cb0a9450c3beac6d11fd1b8e74631d906c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 af3e9ddfca1db28bc4565a1d490501e3
SHA1 0cc8978eb17448b0991dcf768de193f531ccdf8b
SHA256 c70b3709ac7c55aa6debe1445a36d04a459263e0f39ecdf722f39f11c6e72753
SHA512 a7f6aa551bb1d9e56c7ae009ea67a8344958df6bae786a64cf2c9d68cc1c11c214c1f709c35f4f085ab030c21e3d2f713675aa4081e7abed84acebc3bff74835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2420a36744ea956a2794e69eb42b6303
SHA1 da2bd98172bcdf978ba53bdb50cfeb3b5a615a07
SHA256 b4aa7c97021fb8d1b14aeb65ce1bca7fa020edb3ad8b394092cf0745409924b4
SHA512 7f1188b2e99d48c87230c41b5d19be6ca36c8ccfec16fab272d821cbf26e87eec4f8bffcb90780686f72da821deaad673fd31a6163a13c5b8241baa989184e8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e31936b85c52c0589dc545d25831a18
SHA1 5dd7c0810c353498dcc946d93f5241bdcc125b29
SHA256 f2490a268e3fe3f99bc64f612b5a30e15b32af70635465d8b18acfeed570473d
SHA512 308c9f5624a5b14e62797bd57efc54b7340263c62395916d488c991b9e81fcd41debbe1c402dbeae5302cc6ac7b3efc7af215e8dfe27748fa79332274e52cdd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c2351893e50f63f7c0ca52468380a25
SHA1 e6508b0506e9c799f1f941c40f4efb95d1369cce
SHA256 1d3cb04e98b2ed8c920b48bf57adbbf0c64ae4c87c54ca750f798c33d0069303
SHA512 12ef6acbdd4d739f24450e76b39b53fae0c8dd1a84b88d55a621127006ae5e5c83454681e60a2d4122bb8332d46ea83b3ef56626cfd4284eeb22f5408902abfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\2f0575d0-7f7f-42b7-9945-af577568dc5e

MD5 0e7125da262983117363f393f2e34f2a
SHA1 bf3251eed2415beddb6f9c1ff524df579fdb2727
SHA256 b47a473434f41feec04c06c90b165acc771afa3799706d9ebaa73cf3a27675fa
SHA512 48c82499c11c33979ae654d3cbe82c05380ca1429abe35e984c6705f742b86f1c6b1f42a234257928892f988e86455fb327222f0266d6e1957b2d6d494a02163

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\8751bae0-f1d2-440b-8d5a-d41ee729abb9

MD5 741af9bb03d466979c332a44aa1da4be
SHA1 d3c8401549f660aefb01f331411b6593b3383b1a
SHA256 6ad4f228ed57e6a4a90833b76dc9d23f8a180b995627d40f6d5d1809b9f5378c
SHA512 5f054970272b917a3478af0625d569767b2cebf05099883c6974922362e67626b1552a53d47e989d66f5c7c0bab400a722b8c47c278faa180ae34c99aed7e89c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d47d2ca460a03c2e1a6734d9475face1
SHA1 8019619356ab15b62d73f54f742aa2185a89c752
SHA256 c2515b0e0352cd17da63f8be3c763bd335cfda3a9077e5f6c0c1c6cb89cf619b
SHA512 2f53040620fcac4eeb8c81d8f5f043f522c630f85e11c1053ea02865d6f72ccbd0cad0b97ca03e79ee7b4833ce0f8cec85216e6c2c8fa03447933bd9f0cf427c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 32285f43af25cf830ab6440997697e09
SHA1 7efbb132a52d29f46877487f4dd576ace33711b4
SHA256 540030c006ecd189f2853246fb959691cc6d3df5c4634689d07e5df6a6c97f56
SHA512 7bee6e1d00e16821e52f3d85af8bd3f6fc39a92563329ee56e64953fd94696d5931f26948dbea99161a0a3a2f0c080750eed86e7a6f7b84fac06c0494cac675f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 25e019a8bc869e45fc114ff50e8e7bd2
SHA1 e7a684816a7392babca6489b475f8b9554e9e2ef
SHA256 ea75f0ff677800c53a326f22b281270079337127bf87278f7f62860bce19af46
SHA512 3b08535a4795700761414cdd213e596693023c93e464da2af76cda8ac2a253cf52e925eb469033b0161c6365a200116046f2ba44c4d19e37bf1fdae0a1e5730b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

MD5 2381833c310c27ba15937399e9dcc01c
SHA1 ac8b7c487df33f9afd05e26d8f8e6f8e493459c7
SHA256 eaf4df9f0ae361ba595c899908c92922ae101cc9c39aaa9a75eb46ce2e252b2f
SHA512 5c3f1b577dad7eb7cee3f687b261e2a145fad0a0947529b08770aac0c6a16344ac7ffacee0e30f579294f58b9b28b96e1230d71fd079f4e1771ae25da51a0e66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

MD5 57307f12d90bc2ac1313afbd74bf8556
SHA1 84e398d2432a88f528dabe66eb9505feac3c6883
SHA256 2b5fc928e7e48120b7fe879f2c8d00baeb4816f9e393b66c0a08e465bb063d6e
SHA512 b4f3590eef1685c0734769edb6c32cf30d68f82517be317f950c254d14d1aa11893b3304fb9c048ef5b35e272f551e428e5685aede191940d74c288ebe5ec896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2d10bb0aa4ad273db1a9af5a30182ba
SHA1 39d74ca6f6e46e6a03aee24770322dc5afa5f595
SHA256 aee6c4d88821402d1e33f2e4a82223c556470f07612165a1f056aedae0be29c4
SHA512 60ed8bb3683ad681d2be0a9dc358d628dd39b739cb4d6054a62e2a651a42ae90c052a092fd7a5221cb42887b323773ffa865066f92afa920806af30c33c8ffea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d8b873426fca7446b669d7d0acfdf7c7
SHA1 387d6bf167f7bb2c96ef9c229929d5d08905910f
SHA256 43590161bc36cb0988e65238ec006b0035208da26742d3c44b8d0a2785074118
SHA512 388ea77529d9ea4d2ff55fa82545c1af3be66aaddd101e5ca906bc7523617a069abd6de5d4dba25458815a7f156ae4fddb689321ad66e12cda68f0af67181dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9894320d2cd9af905014c17824d69039
SHA1 f6cf6bda9db560bbe0c39501f2800d6b4c004f77
SHA256 71a73bbf4c1364af1880eab061d7c3104e904f061652cd37e0393de82c6cf310
SHA512 dc7180c715fc9d2ac24b021e9854b570cc16ce356d680c8c3d61d5ea38f23c54b6d39c524e06e06156f02dd1f1d009caeab4f39cf64fdcea4dbab44968ec4ef5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 121510c1483c9de9fdb590c20526ec0a
SHA1 96443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256 cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512 b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b76816c699e838d9d314538d2df5aaf
SHA1 7c9fb18a2097acbba5d6b6f667ec35b6ded6ffc6
SHA256 c591d8663a6617bedf6465143412387ff174b624d13a2744bf33b9a6caf4b240
SHA512 e9650db02350069dfd8349aa7bc699fb95dac249b95ab5e648541d7918d787a31b643441538801cd525a6f55c91b654ff4348c319aebb30d672f208947254350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71c35a9aeb34f5ef393a660513012ba4
SHA1 c4081af1eab1b9c81488132df2cba2b3483eb0b0
SHA256 751805231a0bbd520127e0e967a831adbb262aa825cd71605807e2a3db8a3630
SHA512 0558f71b1a38f29e1415fe3f7b0f458b2f02699de9e013bfdc17896e6f244e404d09b9e8a998bd4ab8422b7f86bef50be80403ded6e7c06181d67adce3bbe577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 02a15d2af7873ff53b2a858d292ffb76
SHA1 1d8b0041f07c848e8564d7510fa2d077c4d340d0
SHA256 71c6c73ea03329f754af21307e297fdadf0f192b4457aaab3358328550be606e
SHA512 e329f3084898f9165ac206699fcbd40349f62fb2dea16c5be69b2f7bd034d6dc00294bae95120352e6a96ef5467c9645fd11a835e456a2976d045b1cb6768eb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dfb7a86f3b36c43bf651dd6f3dbbea27
SHA1 acacb5edad6db84795db150ee785b7b398b8958e
SHA256 3c912bdeea4d76f9d0ffd636faca040280ff446e35306ac3117996c34be32af3
SHA512 abb8de6cf7159a54b819f17078dbb88f161f1470fb8d8a994a0d611a85f1de50c6ed779fd465b6f470e0251ba764bffbbba0c653d03a8b9877c9b2eec0c4cf22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3700_488062224\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1361a9bb18c1d570436b461ccf964cfd
SHA1 4870322d3f1dce34409ebe8ed3e57997781c39a4
SHA256 fc157e5c9f943d7da3748c050ada93f3c017c2be9cccb4c99a697bd0a0f44ffe
SHA512 30fbba99253bf0c0382935de2aafacf9b5ba5e62a6a6429644c94cbde253d9a4151cda384762cb6dad4ecf0475ca7b883088376d00e317a5b04b7e97ea1e097b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3cb1035950f94356744feb544fe84d2e
SHA1 7efdded8dcd4bb14ecfbc54dcf6d08f16e581f67
SHA256 79c94e019d4b2f322316d895f1cdd4293b349698894f3c3e0e3b665cc519b4df
SHA512 57e1c37dad1724c20c5c25ffe33450d95ff18448bd97a6246b32c70707a67e1dd4f9ca3776a47721b97847f650b5dda4059e7613d9bd29ab336f2b958ba7eb46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8139bcf0ba0701e8d8a401bad5bb0203
SHA1 9dc0de77035fadcbd301ff883f0a9a75b02e9708
SHA256 4e13582b288c0491a5c09826be7c579c7abbb9f5b558dfde60bcf2cc2fab7f4c
SHA512 2b354a3ff63422ffb33d046170a2228b86cbe623412d933603e00582283cfc0fdf2dc519c46e2bbd0e829f63e880b23d9c99cf2fd8a21a4dd1b9cf7a46301a8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 773ab3e30eb8bacb7527b6d0f7e51788
SHA1 a3d1e24bd984c3737c823671aa69765fd6320cec
SHA256 eec11126292d02e79f4bb1adeb7e98693f8fa72628f220957cdd91725a32289c
SHA512 4a4163e45d32484e719abc4d8276388ed0caa12bb236b200c2c1b0c66656d7d8f5bf527840e3a450c0f827fc054b69154462ea62b259444bce640a255e1efd70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a3e89af8847972d2a8e9cc209c2dcd2f
SHA1 e8e1786309d6a46993b20a79c5fb65486d48e2e6
SHA256 cf034bd24014cef2e967784d43ded8e7a2dad058d37e9e7103b1f898a5f1a559
SHA512 4412762741f38647f8d3ba791f802a83abb974c77cfefeccad80ccd1a0c97ee1d410ad0cdcafdbe659f151f12f6ce7ff62500f26074923a55ae0f4807e7ac304

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{6a84dfbd-7daa-4f61-9319-daa59cbeadf1}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++www.youtube.com\idb\3091227660yCt7-%iCt7-%r6e2s2pfo.sqlite

MD5 ac0fd2baafcfea46fd8a0ba2b2e525c0
SHA1 1dcd1339dd69d11318115219d5147e2e1ed76c6a
SHA256 fb1cf0b4886ee72d77087c670f0cdb736f3af3f70cde44eebd5ac54fbe589231
SHA512 4bb45496c59f25fb4c5d644993856fe032784d399e6e54287a969bb526955b55b3f685b7672e451af26508654438d965ac09da862628266f62b22ae6f26f2325

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 e473bc9839e56febfe0ba37362e9e84d
SHA1 409129fc892635abc2b2ca5bffd9973c89a3ef58
SHA256 d78f04393833a515752ece9a7ecb50d4dafce08fdf615c79bd0ea95daedfa5a1
SHA512 45aa032afd06cfd8b904d2709bf892bcf9069cf9318d9b23b39d9960eb8d0423f81f83ef47baddbc8c3a32fcb58d1b79ed61db3ede81f11d17c1e6e114a38294

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dbab66d3e1130e57c8950cb707e376e2
SHA1 1a7546d1135d2e7de71c8c8a66f869bdf8603895
SHA256 9a0bd2c99d069f10cfc8c13c0e3b4fe24378d66690609547c4dca526793378a7
SHA512 3065095fafe52f82e91dfe8468592b1d8b95742c23c277ae1cd63deb76a0d1d85aeb80a88aea3340f09aab69ad65ed09daade55efd5d3aa40ad5c8465d305798

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5874ae.TMP

MD5 93c77c5851fa4a9c571c75120378d6d4
SHA1 0f0333501f9d8b3457400f798484bf4d216a6d9d
SHA256 58f858a122348ab15a52606d32427abdf71745dbb326bf2c9db42ed01f33d613
SHA512 f7607b208bcc3c833ae1256821450a1a6845ac5e7d24203ddd5208733f8ed4c1238dc8500f1e39ba6c7a55329aae1dec64637ee1a514a4a749b00823ebc44c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7ca258d1d4819f4509ab47dbfe65dc6
SHA1 6744b38e828651f7e399b1af5defa5f585d04153
SHA256 0180e829aed76bddc8e901fa7f4c798424ba1fe0546258cc8dbd7ba9ebc6ab09
SHA512 36ab150f3ca8e03b22e3ad210eba7500b02fbe8dba698cb5d3998bf7cfdddd557c8df3a60d7e3f818b954adeabc24d4402a9349afa0f4f2e7b5f467ebee756b4

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 2903a413213f2d6dec512af706b82ac7
SHA1 0ef49a691d4c1684996a1d5f55c4fef618d62984
SHA256 9cd23dd2562e201f761ed09b7c76ff98814f916ec193271da13f6c0a5fc3a826
SHA512 55b5aca2d4e414610503480bb382e26b59cacbcdcf1bfb8d799697901ed54ca897a96ce9ba8eff13bfec11477fc0688bd8430236ba65ec624ca563e16ff60fe0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 636fe3fb641b81dbea00094aaf5463fb
SHA1 2826228a8a1eef3ac1968b9ec34cb4a5c3010f5b
SHA256 6060d097f1fe14f46b989b0a9c066c9ba78441e9bb6626d70c480df59e553fae
SHA512 3a5482ba6681b40e9c6ac82973ffa4bf7ce81c7ac8e5bcd5dac5238a9a66fd1afd9d2f6e4c0b055895a9340c9b35a8030f3b36a03a2c9ddf45d034b96746015f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d5d50f5d5392c3dfb9720e4fa247a98b
SHA1 1ea95bf8b266ae7e75dc7855c1d7458bb8408668
SHA256 e0a386bd2a99507035a24f4053f907e83033f570df8d5e1b4d44dece06ee5cb6
SHA512 aff0a9ddc4a6c2054fcc33c5624f1bc7e70ce6b1a090edc6f1378245851ac235e0c615020891451e93917b04d53cbdb286d29e833748aaf40c5a323c3d0d4881

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 07d1599644d9d351c0edeac0948a08e2
SHA1 57851cb9245ec0e3bbe5e3929f83d16dae46b33c
SHA256 90e0411e9beb88af0eed93e63ad65281dd5e2020d444bf04111ee0087a9fdc5d
SHA512 e7981c49b0359b12ace9de7af4f5ef52f1b4dfdb1a0a828810e9779cb5ee8710e76231db390877cc515dc919fb66d5c289e3b06f5928816b67e25ed6ac49dbe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b061d67177753a8f492f0811ea8ff093
SHA1 26dca1d01323a166c83d66f7c58761a564c2b9e9
SHA256 e2611c7564aa07cb97c4f393a21d0c417d17fdf379f80fae223a2849f3098631
SHA512 df9c1566709d3f862a6a372ab960092b3ce77f233e71b8c9a9d297bd904befccf362f78ba675231a2ccf7c51fb8e07ea73d11370d2e954f7b2e8dc45b34cc7de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 2b9776807df1c30ef66c45ef60237487
SHA1 17e925fab39688d0d907687da86f566e283ee63b
SHA256 58a7c2031d7dbf5bda9614b64123996aa3bfcb5a783f901145baf087066c04a8
SHA512 e67162fb491ca513627e9fcb69a5db19a15129856ea3d01c2f0b5add061811bc5a0d4b6d8e53e4d7fe155b3bdf4a786cff697df5165368616589b411f8fafcf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2cf2e951140957b6fb5b4bf677c2cf4e
SHA1 d036129c6e736c52fc5303c8d2e0773645b2f7e3
SHA256 2c9668225323315ca453f0b324c020eae9b60db17454bac43382eb7efdf8a39c
SHA512 a1e1f1f28590e89d97ac9bf7598c4e037556fe80c596555e96e6c0505fb818b84d4aa05ba67a480761d86a9be8ea37614764e1a9ae0091b57b0b26c573cc3acd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b3b3a2a25257cac2926de3c7ca377d77
SHA1 722c60c46ae895110fb1c8beb92cb2add490758e
SHA256 377c00695a5d2fc56c554f6823521be5d44a0e969c0d5ae2fc854fff7b831654
SHA512 43cfadedf3e2e13fdd0cb608263abb38d0809d0d1548755ab97047b75ae70921e5c47a9ba8618c9282350ddb201c94850e88516ad41bbb56c190fb30d0520eb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 dc3b8c50e8c0eb3efdb4f61a11b07f95
SHA1 d0ff754f54871d9d06fda35d7ed84a396473cbe2
SHA256 fa158e2b238e5515c36f41e294701218c9b1c9908aba7382469b4a82820c9b35
SHA512 50c7bf882fe3e7e42078ca3c2b720ce87d450fcd4263f984e47a126d914cdb314ee6f1920ca22e196e9487df4d8a863a66c4590565b9d7f8ff7aba25e40c1b2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 6113d9f8b5839ba1672a924487efc6b8
SHA1 936ee83885f93c86290d3e6785a7aa57bbc948d5
SHA256 06b5e5a492bf40fcbf52c71bd4181409df6d8766baf268919a18d8a1c60f09ba
SHA512 76ecc189cf732b835244687a435db5070ed839fa4fa5e784e50c0a4b4c5e0c5fbba931059cb17651723c3b9b8446f40a66225a2e5bd0ff907e1948820747d836

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 e7509c0974f418f9abc9cfbe6680c85e
SHA1 1b05ca39e4e5007eb16292ac9153dd09e6e8b491
SHA256 5dfeecb28f2faf93c24e4755b3bdd2d1d32bac448f7ec94ea3eab9e934a425f4
SHA512 f16b7a2ef1e574328a918c42a6291ba3bb8fb146104de2f10471228d122ca27cec21e06fe3ed74192f6b72f01895c6c527f2706a9aa6c582b8d270f4a58d7d42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++www.youtube.com\cache\morgue\5\{e12d44cd-6e14-48a7-9d56-ec01e8ad1e05}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++www.youtube.com\cache\morgue\136\{6bc89400-fabc-4387-b990-2c3bd370f888}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{3849f56b-85ff-44cd-95ae-9ac88f0f238d}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 48a1f77ccf0f523f5c2864f20fc9c4e6
SHA1 a97d896b97804750932a9e8444f7a65cfbb295a2
SHA256 0097fe392f2479647d8c9f3840c7ac49f8296b1908bf0e99722a86f223037ed8
SHA512 e89189bc54043bb14f6535b55ba9aec1f27cc36defeaa5274e5f22acc50854bd9b34073a41649a4cbd66abf456bca5b1a695354bc4de3569c9bba9a494e05098

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 56bbd02e76615ce931487c0d64c556c7
SHA1 ddd3ab5c6c400bdea08641358b6d97dd84808c3b
SHA256 9bc8f9a8c8bbd13054b8466280da0d7d03058aa3f130c50fc20e42d5f1d966c5
SHA512 51bd335d4f66e0fb77adc3f7e1be13dd394a6d7cb03fbe2346a56bd25384a6468088630846d56c6e3922015cde2ff74116aee733cac8fef96b901b0a76969821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 26009145d15eb91da5fcdc138770618b
SHA1 17c5dff4b9fc5e5a98f93cdf35ceb5ffa4c2f8e2
SHA256 85cd6bf80a72139a65e56632c333d648f0ebcd9bd8c1fd526557949f93ad7e8b
SHA512 187744cfdcf34bb94c50e175873a35e48a937ca816e6cea13870698e00b4edcbecb2a17f79e5f5f0980de4e0f7fe02327ad4917a10839c4e69bde5b791979696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 00e4719e921c916759eaaeb965fb9b6e
SHA1 f0e7c979c0a1e85ac78d9dd231502fb425b18cd0
SHA256 5026526565cff03c7fac8772152e339d2161d8b473c2be9f2bd85937a47aa6d8
SHA512 b67fdeaad9acbe718c8713b6c4ce3dc7c4d76726f94febc6539d245e47b8893c744c338d6c2b18c5cad99e9d0141d1ce514e53d67dbc8d1d825e5eb08c5a5781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 769287d0597f2baa517207a337bf038f
SHA1 3db7e68e2009f19907d2287caebf99eec0b8287b
SHA256 5e930a1c171d4599bb6daaf71ac52b2b50eb0f15e1ac08c0ba651fb27dd06b0d
SHA512 f504f98bc5550d19e1fb186fe35c0c9d67411259ea37e87404d503af6c04b3a6724959499f2be17ef753fed53bf892f0c27f6dc11ded18a7d22eb6e3c28d7d3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fd8392c61b09939912f71b0958b3f344
SHA1 690a71d553015564d492921f4791cd65359b721d
SHA256 74c5e6f1257e81a3c5c3f19a77486d81282c66bff751e26bc58673d7ff7d66e3
SHA512 4f1111b4d47048097d8d488c1b3e91769adb12706e217e6d464b5d9c6ec22091c09643cf5281226d3c6ebee6e178a4d2a6ed576840731848f34edaf16154c8df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a44a.TMP

MD5 005d2cbecd35ea657b7e9e8f6746044c
SHA1 ac2754b52fe2f7ff7ce514ff63df0e9787417f3a
SHA256 62590a2673410ac82360f71d00c7ea6cfd3137851ef09b2e729c459770139b7b
SHA512 11f9076eaa93fbd50aeea17dfafbad5f71b0f43202a912dc5b767d9bc0c42bff271336e5d3102a4caf99973ad2eb254bc29d4c4448a50a02652e8d24722d633e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 468f56c49e928f7324bb12c425b1028f
SHA1 e62a69dce5978ebc31f113e66c8a298cd812192e
SHA256 281f7992219e8282dcc55a27a46c7b7391381f3b17e23bfd859804051ba46228
SHA512 ae9a65b88d3c9868245d161547f4759b58c16935a50c3e0b4c17d966b302ef7253c66539b14c6897f2eaf53da75848ded6c7c4086cb48f2a2d6b9eddab45209b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 982a868f8e838477ce4dbcc61a1f1849
SHA1 65354d8e13a3de7d3e5b00e2e729838774f3715c
SHA256 f573fe49dd43a383adc31695aee816599d21b366f9fe7a539d916cb96b4fbe89
SHA512 f21e5ef9f98790f786eb12f94a01892bf7780a6022cfcb1637d0660b03c81abbe1c1c3c57e373727d7fbe046f798dcc5b0b46a36516f49c294944378de7215d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 a6a6429d6a40d519b8302ba85468bd5e
SHA1 8ba0bd85761c7fd2efdd2cd79c95644c6fe17976
SHA256 c307d54fcee53c212a0521ac00f1d0fa08fb0d0ad8a7e1211add81b2b6cca4be
SHA512 693e4c4ed5fd047b06f33a592a69575d3db3ff5fc2cc7645bc06d6af42765d053121fb524b8dbdc5e41a9f72305b84a4a0dc996424961aee3dc0f5272572869d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\15903076-bde0-4063-b58c-7a809f61531f\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595e14.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
