Malware Analysis Report

2024-11-16 15:45

Sample ID 240221-tv3xwaah4s
Target SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.13321
SHA256 e586bf17566b9188b9274097ddf059cf20569b87754f38e460c2fd884ae88a15
Tags
risepro google evasion phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e586bf17566b9188b9274097ddf059cf20569b87754f38e460c2fd884ae88a15

Threat Level: Known bad

The file SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.13321 was found to be: Known bad.

Malicious Activity Summary

risepro google evasion phishing stealer

RisePro

Detected google phishing page

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks computer location settings

Identifies Wine through registry keys

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-21 16:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-21 16:23

Reported

2024-02-21 16:26

Platform

win7-20240220-en

Max time kernel

72s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe"

Signatures

Detected google phishing page

phishing google

RisePro

stealer risepro

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivEn145.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91986071-D0D5-11EE-9FEE-EA42E82B8F01} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000c7458fa17cb3ebce3f3553c52bc36f3e87e9c4c70884e5bb3e59b83d7192b9ca000000000e80000000020000200000005a850badd96f8794618886f6e3c6a698812296d2c3efc0ff264a73c1a3092c7f900000003f5e514501f268ff5a5228fa1fa9cda803164ba39155655dd3a7e67b7e987bee20a48b2e471dd119549e2ac97e3f9bbd82baa38f3e4a1dd8eaf363f1859270f07a255292cb51141a4a65bd5b0fc0059c912d0fcbbd0edb3e9c2a7a1a34f497c4773d4e45269ce5adf0b8dbd7dc731aee35bcafbc4067f544bd51ea5a8751b525676f7642912d2ff5059143fb487aac284000000020dfb81637707791896bc3662e17a6c5a84c3c0e32b7f94ed5f80d66d944123997b7b1956a916ba05ffca38c317c0f0c259067e762eabb94a2fe2b67b94b5b75 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91939DB1-D0D5-11EE-9FEE-EA42E82B8F01} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls145.exe
PID 2908 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls145.exe
PID 2908 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls145.exe
PID 2908 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls145.exe
PID 2908 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn145.exe
PID 2908 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn145.exe
PID 2908 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn145.exe
PID 2908 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn145.exe
PID 2684 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2684 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2436 wrote to memory of 1680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2436 wrote to memory of 1680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2436 wrote to memory of 1680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2436 wrote to memory of 1680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2280 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2280 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2280 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2280 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2504 wrote to memory of 2144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2504 wrote to memory of 2144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2504 wrote to memory of 2144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2504 wrote to memory of 2144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2872 wrote to memory of 1588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2872 wrote to memory of 1588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2872 wrote to memory of 1588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2872 wrote to memory of 1588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2684 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2448 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2448 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2448 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2684 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2684 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2684 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\sqls145.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2976 wrote to memory of 2520 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2976 wrote to memory of 2520 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe"

C:\Users\Admin\AppData\Local\Temp\sqls145.exe

"C:\Users\Admin\AppData\Local\Temp\sqls145.exe"

C:\Users\Admin\AppData\Local\Temp\drivEn145.exe

"C:\Users\Admin\AppData\Local\Temp\drivEn145.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.0.842945566\299018438" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1104 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04431e9c-e6e9-4203-b4d7-a81c152073f5} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 1296 440a958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.1.899534073\157528570" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0592e2d4-6e20-4ca3-85b0-3792376244b8} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 1528 44d0858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.2.957939288\1444890841" -childID 1 -isForBrowser -prefsHandle 1892 -prefMapHandle 1716 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2c04620-c303-4c20-88c4-d445a5cdac03} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 2072 19783558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1320,i,15364345838765616731,1201266748487517665,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1296,i,8444991128061326988,11537770256149747775,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1320,i,15364345838765616731,1201266748487517665,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1296,i,8444991128061326988,11537770256149747775,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2584 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2532 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3380 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3172 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.3.558095007\581916938" -childID 2 -isForBrowser -prefsHandle 2144 -prefMapHandle 2160 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a29a89-47f3-4c90-835e-302c13899b4b} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 2476 193b9d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.4.748051337\1197071985" -childID 3 -isForBrowser -prefsHandle 2632 -prefMapHandle 2636 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c614065-e6b1-48d5-9f53-f88b1337f3e3} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 2624 1afb5c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.5.933598968\1436460110" -childID 4 -isForBrowser -prefsHandle 2796 -prefMapHandle 2800 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2474807f-d84f-4a05-b620-ab1bae8c1b93} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 2788 1afb6558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2300 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1496 --field-trial-handle=1220,i,7616431067866020341,6631785951996168825,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.6.1066402694\1871933534" -childID 5 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {529b6f98-86a5-4a13-af16-c47d349422b8} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 3476 1d472558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.7.44868833\1044974769" -childID 6 -isForBrowser -prefsHandle 2812 -prefMapHandle 2476 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6996ec32-0d96-48b7-aa6a-1836639fab70} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 3336 19780858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.8.2102414489\1216453901" -childID 7 -isForBrowser -prefsHandle 4160 -prefMapHandle 4164 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9bc62e-8f18-4e5f-b100-6696b5e59290} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 4148 2028f958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.9.371777888\1537308097" -childID 8 -isForBrowser -prefsHandle 4344 -prefMapHandle 4348 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27cccfb4-f0fb-4fc7-99aa-716b8209d867} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 4332 2028fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.10.1198458227\1856741701" -childID 9 -isForBrowser -prefsHandle 4376 -prefMapHandle 4380 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a760cb2a-4d63-48d6-9be5-f0b04e93cf86} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 4464 2073c058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.11.143351870\1262993636" -parentBuildID 20221007134813 -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcc02758-7f1b-4ab7-9b76-130eb9b9853b} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 4636 1c824758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.12.1732280557\1845325866" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4588 -prefMapHandle 4592 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ac28f8-e4e2-43c1-98a3-3dc3ad4268bb} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 4800 1c825658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2520.13.151922169\385107193" -childID 10 -isForBrowser -prefsHandle 4468 -prefMapHandle 5072 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0462c7f6-491d-4f40-b9cf-9a6f6bf5789d} 2520 "\\.\pipe\gecko-crash-server-pipe.2520" 5156 10773358 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.linkedin.com udp
FR 157.240.195.35:443 www.facebook.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
NL 74.125.143.84:443 accounts.google.com tcp
NL 74.125.143.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
NL 104.97.15.51:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 74.125.143.84:443 accounts.google.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.195.35:443 www.facebook.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
NL 74.125.143.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 rr1---sn-q4fl6nlz.googlevideo.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 74.125.1.166:443 rr1---sn-q4fl6nlz.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 127.0.0.1:50242 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 172.217.169.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com udp
NL 74.125.143.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 74.125.143.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
N/A 127.0.0.1:50257 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 74.125.143.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 74.125.143.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp

Files

memory/2908-0-0x00000000001B0000-0x0000000000BAE000-memory.dmp

memory/2908-1-0x0000000077040000-0x0000000077042000-memory.dmp

memory/2908-2-0x0000000074AE0000-0x0000000074BD0000-memory.dmp

memory/2908-3-0x0000000076810000-0x00000000768DC000-memory.dmp

memory/2908-4-0x00000000747C0000-0x000000007480A000-memory.dmp

memory/2908-5-0x0000000074920000-0x0000000074929000-memory.dmp

memory/2908-6-0x0000000074190000-0x000000007473B000-memory.dmp

memory/2908-7-0x0000000074190000-0x000000007473B000-memory.dmp

memory/2908-8-0x0000000074190000-0x000000007473B000-memory.dmp

memory/2908-9-0x00000000740E0000-0x00000000740EB000-memory.dmp

memory/2908-10-0x00000000052E0000-0x0000000005320000-memory.dmp

memory/2908-13-0x0000000073860000-0x00000000738E0000-memory.dmp

memory/2908-14-0x0000000076980000-0x0000000076A03000-memory.dmp

memory/2908-15-0x0000000076600000-0x000000007679D000-memory.dmp

\Users\Admin\AppData\Local\Temp\sqls145.exe

MD5 bee5186d252b3377c99c7fc919740162
SHA1 f7bc080ba9fab7dedfeabb2efd49168578a2152b
SHA256 ee3c5cd2b9229b2cd9a1f027fb11e633351b159c114c6778f926be34bde1a7bf
SHA512 612d329f80a03955ca26dcefb72ecc6a15a813642d0a78d5e83218aae50ef4ad7fd6f372188747150541473553327bede7fd16f39f4432a37d91cef99c95af59

memory/2908-17-0x00000000734C0000-0x00000000734EE000-memory.dmp

\Users\Admin\AppData\Local\Temp\drivEn145.exe

MD5 6602ff4af6144bfdbabada3c2edd2df4
SHA1 b15bccd4d631b6b203494f169131bf326fd7fd35
SHA256 1ebbafe5f133cc75dde1a3569c29258a9e41ea56fc7910e977a7eb003fe482e0
SHA512 66997665e32066e56a3da64c4374feb03b7aafe26530787c26b3556556f12951db6b80cf25a3edecbe1b226afa8c0724364554937b32c45e3c2013c272a8a0d4

memory/2908-29-0x00000000001B0000-0x0000000000BAE000-memory.dmp

memory/2908-33-0x0000000074920000-0x0000000074929000-memory.dmp

memory/2908-32-0x00000000747C0000-0x000000007480A000-memory.dmp

memory/2908-31-0x0000000076810000-0x00000000768DC000-memory.dmp

memory/2908-34-0x0000000074190000-0x000000007473B000-memory.dmp

memory/2684-35-0x0000000000350000-0x0000000000351000-memory.dmp

memory/2908-30-0x0000000074AE0000-0x0000000074BD0000-memory.dmp

memory/2908-36-0x00000000740E0000-0x00000000740EB000-memory.dmp

memory/2908-39-0x0000000076980000-0x0000000076A03000-memory.dmp

memory/2908-38-0x00000000734C0000-0x00000000734EE000-memory.dmp

memory/2908-40-0x0000000076600000-0x000000007679D000-memory.dmp

memory/2908-37-0x0000000073860000-0x00000000738E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{91939DB1-D0D5-11EE-9FEE-EA42E82B8F01}.dat

MD5 20bacb4e43ea2207b16dc767c17138b8
SHA1 c6ca1f7f84448477e81fbafbd3a0613a8832d3b8
SHA256 32b1bf0e394a1f00962e4e725134be59f0a60ee3f7caa45b3d83ea1bf71c95ae
SHA512 f883b5b4e60829afead83eb381cc3fcf67432a0cf16433b87079ecae78212147e8041ebe4f6881f782184fe07aa925b550d252599bcdab42a12457fe5a2e494d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{919D2331-D0D5-11EE-9FEE-EA42E82B8F01}.dat

MD5 94764b5441c1e923484c18a3c34e9a01
SHA1 fcdb5be5ad5775f128d7aa620b8e50e4989a0233
SHA256 2cd4d14de93e837128091577af5b1dc59a50b3b3f4a20183241029cde4eb16c4
SHA512 ab93a6d86154cecf99689978c33c3352cc849b85f8933bc9039e0eb01900168b9bce99bc9c2e3d54efe088426def792b1a66a7190f99f2b0b33f1f9f839fb7ae

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{91986071-D0D5-11EE-9FEE-EA42E82B8F01}.dat

MD5 715c3286f16d5ffdd3c491fa82ecbc66
SHA1 26826b675283b98f865a451f8a0273b47488191b
SHA256 186d02e7cb9797ac33557baad4d08f00c08b1126f9af37b0059b751ec39cf901
SHA512 c58eff65ad7806647bcf750469544b9377786a532e3c9e95609554e38ea7f27fcb5748fda1c5be271812a6551a7646c4a2ae17780171fb2c60380451bd3d5732

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{91988781-D0D5-11EE-9FEE-EA42E82B8F01}.dat

MD5 acb8b40ffd7efa4e317d0075ad9b740d
SHA1 a3e78f6076282e3ed03d08add457347e560b9d39
SHA256 0ad8130c62935d6913475897230b6d66e6152ad1971e1c720b437207baeaad54
SHA512 1f41f6179a947894ff699b293573a6d8d6e623561b3a9fbbbc03098c261d41a71bd9da293acbf383a1e043ebc6f4e8865e24e65b0ae0b8be89a3896eea4d701b

C:\Users\Admin\AppData\Local\Temp\Cab1C77.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95b2235675e6b001eb1fcde276ece967
SHA1 f682ecaf1e47ba20e533a665bb456a5ec2e15fe1
SHA256 35f6b1f9be10840922ca62af4be107f8e8da51654e110e3c0b0ad9e93c2b09ff
SHA512 321a662f773d4926d350f76cdad2909d40f66e7b782efe71ec62edaebe9d965bfbc72d1404256942402557265f218fe84ce5fa3ace040966b1de6136da67a372

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2a10cd3b046116320fe7951c1f377130
SHA1 1a7540af712bd5c340c1d35259698b0d9954e4e1
SHA256 2224a99113542b434f54410a8b8e579b0654508a32b8769afa1245d479b31064
SHA512 e82c8e99ffc0a3ada42d1f662f7c94bb61f3d5a9e4d6bdd3f74b5c6c47198cdbb98011f6f43446596dc418399f396e49993082fcd1b33b05272d0fa0842c8bd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1270c9fc6d0b83a810cb8c486bfc65f0
SHA1 e535f39e2e553e89e282491bb6751daf946c54c6
SHA256 00dbeeec1b9c66830a67d5fbfb0b667c5dbcdb181d1a73e556754341fa0112d5
SHA512 cc745c9bcc8473d969a0286d547337a94c96ea7e065bbd5939f493e7049300c225790ed52e810cfcb7a27ff04d3589792daff33ae53eb6d293f7e69aba53f6d6

C:\Users\Admin\AppData\Local\Temp\Tar1D36.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0d257e7991f1e5786b0bab172ebf6c5b
SHA1 c152f10cbe7e50d9f837be0437a83bf3f900ab84
SHA256 d9aab84e0219a9745a27557eac0c559294858f75778628044f09a4528ed66549
SHA512 449482b2c1842a6407e330a1762f6c2d3c763ff7c6e75071fbb75a681ab3f4262b6293d4fe9092ed8a623905e31076275d71fd49882d8ad3d57eadbb29e9c33f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee669755aee797cad076bf56c5339610
SHA1 ddcc376a4f992c6e4fe2ea2064798dfd775f477f
SHA256 9901ce7341caf34ce7464d4a4f122a9613686f99593c2d16cc7a738ae74f30f7
SHA512 a468b6b314393df5715c751109a86161fe1a40dfb42d0428104a43b06e18a8b314ba224f34f619bd93f3f7f9949802f9bdcd4d40e643b5a3004bc57eb169988d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0a480c8a0b4fa5cf1c6369c2a765e433
SHA1 ddf108323ec1491bdcb45fa38d641f2cd651f83f
SHA256 dfda03bf0423aaebf7979e9da72ba985f9382130c168ab4a04ab5e2f27090659
SHA512 53f8fcac1ef05bf8a345905ad15e7092179376f657fa8d7bfc220c0a25305d2f80b034eaff60a04afcde763adca553d9ae30c6021dfe6688b7025ecd925260db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5424c5c078642f5cfa697b4205f66a9
SHA1 08c2cabe1c9009549981cef41050ca2497d30842
SHA256 766459d6706fbaef2842904f0dd0fe8c958e85d5d5224ca1917c9d443e366b0d
SHA512 8ad73a8d50785f1a30f597dbeacf1e413207f7ab2fde7153e340713acc45cfa8e2562565daf9bd94e512ddefdd1f29c4278945fa4913565c4c9eb9b20986846d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 aba4ee7cd071486dba80f45f3c762bd3
SHA1 fafa5e04058bf558a9ecb678670fb593d57fd73d
SHA256 288ab18301ee463d2f6c3e9ab765cd3f54ffa8ed65698da9b975f96dad66a2be
SHA512 3aba64353df569b4d85ffd26e5b635ea14b49bfbfb1811e23f4bdb710d715d51e4c407508a28efb395cbc3df9e60c36e7767bb496088663bdff0b27bf4c96a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 e46479f94405e7977f00d8a78539fe0e
SHA1 5da53cab54559f2d7b8451ee184c389699c7eb7c
SHA256 1652b52782124342e5890f7b41735719c108c4bcbd47bd3f51185f359d8c6efd
SHA512 90f5e6350f1c71f21850c25834a484d00996016bcc22bdf9ded3d76fb2c76adbfd88c613a239e19c396f8eca21b4684a21ee92ac33ffd1857fb4fb673c49ddf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 abeec028953f49debda8461229439a09
SHA1 b7f218be10924f40aa3496c6cf630b3a6f262f16
SHA256 c1d980514b62bc2964fc29e24bd2e67c366589100ce8919b645c2f143f4f3465
SHA512 a3b7afc073a3765ab7c43d7b54d899aabd7960f1314b138f70d2dc17d657722f1451baecd41ac4b56bc71a79fdde2aba4a8aff0b10ccb792eac51bb3e03377d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 5211f3ba7091eff550ed84b0c36f4c00
SHA1 3fdde83480cf490b2274724450f040211bf4e63f
SHA256 562386f25be9a161d67e275d21fa0bd979a7a75020f1dd7c06c205402792e4e9
SHA512 9aa65b04e76390416946b086938ae3ce2c7d9e905d19e12e609b51b61377cefa628d6428554ea179c637d96c5f2d50774a13992e646e6a864f86266c301e9d09

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HF0O4VNB\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XPXXM883.txt

MD5 0dcaf81d6216ad58982838912dc322cb
SHA1 5013189ac1a525cf90519d437edc84d57cffc060
SHA256 2bee03523e07cb9e4061ce28acb5ff78678d5f752e8cbcde5e81ec2b69f2a2e9
SHA512 74854d9877e29d0b0c68b21738e50d18e6889d2057e2c24a2992e56ddba6f479640e06a0fc4cda381f754235e4be66b320981025dc3cdcb7a55549583a091d93

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\favicon[2].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 59349c67d513058890cd62d40139d372
SHA1 bed22e9c7c22c937dbd7680b3658384bafa42a02
SHA256 bd3d8882b58f3c881e3f198287f00c4e2a597d377fec3c5fb84fb952b503a52b
SHA512 54441cde3638f45344b0a427b638baa780f531cac0fe0696915c354e7babd835de28b1f721f304645283220d8d2f947df873e481538af71460e7857ff1e50dff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 dbd14c8822d42ac0af82a891d794a159
SHA1 008bfb1ea1dddda2b7e89386afc41003d470ebc1
SHA256 e21cf70f09a6d42a1d17a4283ee61767ac4bdcf5695c7fc3a1481875d27d05e4
SHA512 a50523b0c409d12e304c9b345c96d16f4ce8196c2f7ce8fc3d2488a24c76ce56dff3607567c370b4c46ade8d5f6476bcc5e0ca6725988b4efeee260d5dc2e975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 4b8164b49be4be78d00eb683f1e25b23
SHA1 c273c3c9147a44645e5471307c1ed973f8647043
SHA256 c36fb39e271401521ce3df5447e43f39cb5d49eac296c03f69ee813e0c9016ec
SHA512 be4227aaf98aa346e230ebfd8da7e121ba7065765dc102a220384549ced213cdd45cfd43d3ebf4f332c1e608e9102d501c5f9b97ffaaf719a72a754c2046a065

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 28a3fed348d997baaa35f0396df8bc96
SHA1 e5ba0c2b9263e644a97f39423a810f611a80b8f0
SHA256 a58e19f269ea2faeca64bd94e3efedafec971b0a9d9c10a6b379099ceca931d2
SHA512 e3ab67e0feae1b730154a45ead2065a5403b507fab1365de30f7a5b64745c35f3bb5ca01942a5255723423508af728700c85dd74804479cd09785a1f289a3219

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 c449a7b62b80298f31c8eaf7bdad8de1
SHA1 5c63463f27b0f5b87f1fca9e7eb358b46cb6ddad
SHA256 0a004fadd035995365b1594cda7f50529e4ca6201d4cdd4a6f478dff9db60dc5
SHA512 a0325b9cc5a5a5578e4f36f1235cf2cfd0f93824bfd43415ce6ff02dd14ad6a27b64233d5fb01140d1654888225d14ebddb7a90318fe42759f30f400d3e2bbc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9b35c22429f6f88ab52fbd2f0c4de75
SHA1 6cf9869f2143c420bcaddc67de1b0c0d01d43279
SHA256 61a85e63ec50956d17b969dac987dfc7a25d2fc212cb9e47e71875edee707182
SHA512 8db049f6abf86c6e879fcd483a7513f56b3779b4eb6268a9725c8bd648e17d76bf5d666e49ddd1d77408a7bbee89a39c4554733657281e23b74e94ab17fc7ec3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ef84ec2c53740279280254cc459b492
SHA1 27e8cbbac6c6664e2df38f9f336ed7dd65ad0828
SHA256 fdfe761727322ec591f157bab576d78bf85ac98205bbc485d227f671cc86ab0a
SHA512 9de3dca5b443d5bc2689870cd29382b3d2ca4295e1de7e0059762746fbf4aa2a71a63c3e608d2d1010d2523a277602d688d47603be7dc1043aacc9a434c01ec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 615b03ce3e9d5ccaeb0566fa6ea2ded4
SHA1 09858ae0d9a41e66868a7c59d8d79e63a3523533
SHA256 1178c1575368c2cd2c88bd5b8a494d6cfa51e0a3825926fbb6c3450bc0c9592e
SHA512 4e3a447a3650aaf9ecb3eb643c71224e8f05c19600f991c9f05cfb0ee562692b8727ae9783a109539b08d88df9eb3b82b9483544a1ce3555347f4354fd3c6e1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 938c34352835083d7adbaba65229d2c1
SHA1 7f0a43a17c38588f997fa5be647ccbd3da886421
SHA256 4524a17f73aa95069a3dd2b3aefa4f5cee572d3157718393ca45398ac0bc8dce
SHA512 b841eb76ed3fd7dc15a5e9e037e4fe58477c9fb1023771d48e60a1f75d5c95701bbe46fdc04b8bc38f39f4e6daf73a896b7b2faf07344fed52e93e50507edd98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5672de5971760974135cf597e376f458
SHA1 6272b435cc990d5c543c26cf0a9a485c93aa6e6c
SHA256 0a98d990a9b790a805418452a28082538ee955bada4aa4c7757c7e86cd549096
SHA512 dc5f32299dfda7fd35c268255e27872122ee3586309b4d5e0053c8047e5eb1e42d19649534abfd6b8c0f63b7d7cd3fea923330df4983bd41fe3c6bb1fd54cedb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a569f48f7ca020c33a75fd51d528e4dd
SHA1 86ff1b4b434cec640db8aef9b1199b9ad7998c9c
SHA256 dfcd6c8507c7bb5cbf1acf5ef1d8758649f5a620bef706faf40eff7681a06cf6
SHA512 00200bf493112255cefe8288f60091ab167c16b2caad3bbba17adf0144a4bc1b1abc91bd75ae20db08d139cee1d8296100858c3887319dcfbd7b8c60e1092274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9064be373c2c9c75c2c89d61216c673f
SHA1 6b71980cbf2f15b2dc627ef3c51665ae48d2269e
SHA256 4c698cd93d26bed51cf897c8cc6d02c429c28e04d7184f0a178f42c2089dcc2c
SHA512 919a9bde91ca0c011c6be25579993d3df2ee7225811970368d4c499272b71d6d16293a3fd6906d77f8ed57ec73a645686e4753bd088ea241ababb65ba0808e71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec99e167b3119831283cbc36e204f6fd
SHA1 22a2f75c20a2c07baf28dceaeb28d2e803f9e0e1
SHA256 aefdf51729e82e43300ce3d389bd198ffb0eb8ac903812ab3a71c93988c3e918
SHA512 c28cc8504e10bdeb05ae896433bebd05d4b705824a8e413aff706976e18227db6c6798a785cf84a4a0a6d0fdc20349f26c13895c2814f28ee0ad26a91e78262e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 824567877e5ba28fb9e8014a0d5e65fc
SHA1 2d5cb4db7f0bf07b98a7c8e7dc6148384943c335
SHA256 d79d2bca5f7ea3d24fa2c925bece717c6cbd029441fbd28ef1bcc4984b663747
SHA512 533c26f6ff13b6258cc13438a4a32c5bcac1d92e58b45c2fbe5923cfa7805108d930660ed29f5ec857586ce7ea91c52a83a43f18c6dd4fd1948c88743ef4a346

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28da0b595c4faef7220f8272382b7939
SHA1 63448add4c051006a2a9cc4d4e935ac833156547
SHA256 3e1dcb98c28db21193c8ee1a8b864c79eebf794b46b71ab47c480a9776ee4bfc
SHA512 9cb6da8e72babd985ab351d266eb2158763229a7fb08762ad647da2a432eda5b28425ad0831ad9f7bd1c939b3ea3e5ed020321e8300022ce6b3483d540b32054

memory/2684-939-0x0000000000350000-0x0000000000351000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39e40b362bdc1e121c6c6a234cf5a7d0
SHA1 e7d46c8386bad51ab8b775c828ece711ef320302
SHA256 e593936454d92cdc9ca94e2ab9a6ad6fcce1b336d57adeb62c2ab0a23a938192
SHA512 b4250429c50a73e4d72e6f54008bb29cdd7bdd016096d9de8e4a6ee79a9cc2b9b39125b004e5d588633510615724ca4a11a96d32b540433927acdbb58e26b8d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1840_KBURVCAXSMNHDTLU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b9e93a59-90b2-48ff-a6c3-f3dfccc78c74.tmp

MD5 d49f4242c8dcc636e4a2f35934f8b8ea
SHA1 5d62202c729bf005fb1c60505e88b8d686c2d7ca
SHA256 83e0bb95d1b85ad459d9b167be8a7a4c718535ab172aa5a1cd62a5f45661f859
SHA512 5ae20ead44d4dd9f9200a312ed94069d246608b32e81629f4f193f8ad64ecca9e550ee1c6033842903109c542922772df6ff1707a2a772dc612c9cc1cb92ff48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4c90fca2d5ca2c3182e6b8aa8bfb054
SHA1 181173a1351984399c1231f5a4b80b5f194040ba
SHA256 9d4ff97dabfb85f33c2ed2925de4836a519cc329f625524c6728ea36747e9489
SHA512 2b98e094b80aee4dd99efbd925c845f1802d60dd83608b41261c88c813a256bdc59b35e5395233df0d67ed7c7cad3017e69f441b3de0b1f048fb3636204d7cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 6cae7bd7227a046057c535e468859fd0
SHA1 af2f8d4674645af0049c98516ff18c2ec7a3ebe1
SHA256 f6fd156f630e600fe6566c61b0f08bb7422188b59f96c83e7087e4019889d901
SHA512 62a12c58119685228e3eef08cb92894a67d35874003dc74be9531830078db9611686ecbfb51457920f01aeaf8108d3992c5e8cfe72a807ca06ec6e1cfa4d808a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 859675a5db847da210c81ee102f90074
SHA1 63bab6af682ae36d5c39f44a46cdf160624d9712
SHA256 1baa65a400f120edd3f349f0ef744600421347a1c04a67e67749f9aa06fc80a9
SHA512 2c1fb301bba91f987662e3988bf6628c91e2ada197e5af083da3f85370f30765cbd976f2893a958a6e8e075b6575bc9dd08756efc40bf1c32a34aabc7073f862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 b3d8540df79dd41800e1935066235b7a
SHA1 011fabf5923299d2d6fcebe264175a13b21c2368
SHA256 19a1fffc3d2cf1e352d9c3a9887659bab2de1d0fbfaf9bf58dd9b6218008e5da
SHA512 7b38ded7d7ab2f9bc12abc70d5bf745613ea1449c0d8bfca292df457c5e398334a3e27e93db4f2c2d4c959d995fac4042cebf7d85edc3a52aedd9a7691d44be4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7685d3.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0e9ed136ce288257f666d07ce9d108d3
SHA1 1887a3929aae190fd0c61d8144c5b49e8895e5bc
SHA256 accc10d914fbe807ce4cf0e4c3fcc61077704b9a742f556913e6f9338de4f3d3
SHA512 3d051f3e4a130c254998ac3d438e658617391dd1019a842f97e3d23e23ea04baa4a33d2a725a643c2b4c1458bc2ca5742ce98aa6004e1af15e6230c7820237b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1840_812211077\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\6d986775-92ff-462f-b0ca-1e9cd14ba8c8

MD5 412c4f22bb213fae797fa137a9b50aca
SHA1 66c402c39d2457fb9760d11625c64481d4e7b494
SHA256 509162988b898c23aee972500dddf4aa3f1eb141f663c03fa2ea3282069846ec
SHA512 9e3650ecc3ad581cd3de6bd30dbf8834d34827b441a51c833ea3b3b7f30d22e314db113489fda6723f08c4a14147cbc40f4e462b507b65f02d1fe917d9c6b57c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\08715dc4-21c5-4e05-9194-b7f3f4747c1f

MD5 17d39257ba1ff0eaac129d1ec83f9953
SHA1 4e123f6da0ce76982aacb2a22ea4c4d15b420f9a
SHA256 ef56e40348ea4f536be811e1a5206f50737c0d901507a730dbb18915abfc4702
SHA512 bfcfcfc47d4f0301a2fd927cbd562ae4e4bce56ce07a53439130e19bcdca67b9ea8198149286851947b71dadf36fb5a6c5661d7c674e275306368910c4f29df9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin

MD5 c7ee291becaed0f820c5a58c75780c2d
SHA1 cf9058c365ef2b3db52de50a373b85109ed24437
SHA256 1d78d34064dc50e4fcecd3889affce26f036654afac98a5be5f56b7bb6ed154b
SHA512 8a208e3310db3162389a429ce591ab501f159ff5d514783d0c2a2354671d2ed26d68f89d5ca36c94af0b471a23909fcc4dda1b35c2b78d0587a240eb3a455e9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs.js

MD5 30eec0aaee115c8ed8a8d0747ff4bf1a
SHA1 b3dbf3e09ffe2070f6cca7d07a8bf31b32988f5e
SHA256 a0d855d56ff3736a2dcb0f5cb17445a82849669c2e7963abfcd8fcada04929b6
SHA512 36f260691e1d7463b638982fee05155bf611ea975d06993340be9d3d8bf1dd316a06e54bc6710ca719491151442081a8163ef11d756bb949401bf8dea6542693

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8186ed32ff801a3fbc2dd3ca131c2052
SHA1 2268c5c1a427e485beff0809112a2a322dbc00a3
SHA256 b0bd58d20ee2800355c6522608d81551c93093f089ec8296db9d5125a6e066f9
SHA512 3b9a83b89317a0f15ff8de1ae3f65665016183f685d70352f032194db8d45555759098b554d8372a1dd985b27a8a5570cb9d98202c4b4e1fc5a16d875a146ed8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

MD5 0f8876c9de2a37f1856583a57f942790
SHA1 ac6a9d464e5c822dd98551656d0356e47d714f51
SHA256 4e62dea9d2c31dcaa93b9caa2036c4140680a6b8242258a2243553c564a0b4ea
SHA512 f50abdf8e3024a7d38c51e89f236b3aba8e48405fd74e514aac43fc77f20729eb96dd6cdc24d8a1ffbf94d43c4a6363275eef27509f86d2fbc2692f4f7cbce6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{4888df93-869c-4160-b095-3ce9b7fcc97c}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\default\https+++www.youtube.com\idb\62064698yCt7-%iCt7-%rce9sfpeo.sqlite

MD5 941409422414bdc3fffded2087d88ef3
SHA1 f0a9c57c3b85075ec89e0f3c3babcc35dec85872
SHA256 b4f7af1e1ed414cc80280cc135bc56c4f2b7eab98f7a47060b9ee5d3d096d169
SHA512 f9f56caced9cd929c75e40d39bbc4baa3be890776b067d2026ea121614899ecd1db75395314c2e4bff0204cca5d8a304de612af38ecf9c0f69c4478f987be76d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 b67cb4991340874aa0aaafd6fdf65b1e
SHA1 6487b210f01f1f2349190575b50b63f7f4a2da48
SHA256 49558f6c375d42fbf6657719e4fd8baa8ae36b66c705e864a574f6ca2fc9b48e
SHA512 d464557858f9f5efbf7df48f944b8fccb7f2770e1da1f97302f8844a0e6b510d64b5f28c9922f8355692d21bf35ad1ea03b9e2af9a3ad0a3e9337e17e5379d9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 f601ba2d98d1a3109bcbbadd9a80da90
SHA1 40cc233f96b8fef597b8b0bc88de59af63a40192
SHA256 d9159df2e0a8ffbc74feb178292fa8eb362cf43d0adb81b4d1b551aefba0f261
SHA512 f8d991d333000d066f29d0a676bda56b8cffc5b06aac9f1c6bc472e848ff56ed87f82e32c87a5dd7188fb0b72ab9f1d1b88b9dd7c05f4349a2766879e7b8db9a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 239c8eb8038b6adb23c45f4d28abfce8
SHA1 7eb6481ad114a31b0d1cf19a34fc7867d6fb69fa
SHA256 72d91661adceb04f7b516b966cffe1f309df089b59dba2bbf20f79f86bb2b3cd
SHA512 0d96325c954aa4662814cdd5f5d2d42d52822234ab209377a38852d89799dc913df568bd92ba3a1fd8ebb99fb9c65f62ddee5955aacca558a63807d0f4aa6d98

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 4876ac7708fb8d95a9e95ecf62533c3d
SHA1 abdcb9acab3ddbb400d1bdb4e98627e94f64c6b7
SHA256 90a07bca53877ba41129abb40f5b46e9bd729f659e291e8190f5ba06276092a0
SHA512 21054ed39f72b0491c53bb1bb966c843bcc0abe5b0244fc67588c25b8bd1d91ca7fac17173c10763f65472c36f228c403fd34746c83d3c1342a1812ba00f5453

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d7da9a86fa18ab60f2603041bc0f8361
SHA1 67a8881840b1898a6de4ec0d36fc86c212e6d383
SHA256 408f4e38b2122e62fe33979191f2db0bd5ee2782c9b9b0c4433858396ea86e3e
SHA512 7540e9fc8cb4c242876dbbef4741880d0f26f5136612d3d92b88cdab296c415f1b0732d4a85f51a5232196655cbadf4a0e388857169e12ed0477556833b8d61c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 080e2821c5ae3835d4682d4846594f16
SHA1 a0c962b20fa472bcfb39d0a82565ce535f49ee7a
SHA256 83439b3951309d7dd2a8144214936233473de8d13605c198da97de245e73e20b
SHA512 75797e1cc2980bc716fcf726ce3e3957d97aadbade26f24147f0e96bae5fc972676200da9f271e6c6969bec42ea83487cb6c6443ceafcd7177392db11c38f5fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0d7db7ec8be8ddc4cd471d0d2d6bb01d
SHA1 e6d5d1bdccfcb1b9eeb2faaff3ccc185e4819753
SHA256 f607643c2c3f8009c75d3476b6ace130236ba48a66d06d0fe164f42c9a0fb5f8
SHA512 6dfc898f93177a79471d858fc322b988e41c9d07264d74def0123de25104aa5e583fabd05df6e0f9b48736731b2778f5974d18043c08f88d68ec7677b620b245

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

MD5 36d564cf16f2c22f8e4e1af1f3cc8081
SHA1 a39c7b37e1aae2e88aca865d33eca5979bafbc2a
SHA256 4bcc439d21af711609941c161307c0dd68ed5b21605f9999c6b0cdf42e7c3848
SHA512 80983c818b61ac35b0c9cb9637568fdf3d146c345bcf252777a122b777194a509f78f1aafe248000215e1baa3a755454927f9ce56151953017faf9c7dc027a71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 49911b5b42188268bd2dd032ca5c9e3a
SHA1 4c98b85e91863b9fa58cc4ab25c2289f17d43a1e
SHA256 352c223dc19bfe07fb960567a30cb46494a1ef0a977414a2e60d0e7e7e49b6bf
SHA512 480e39be0d7810d6a6b7e9670df04807e7afeeedd1dceeb88df58742538ca55598b28bfbd346b75e73241ead19d6d0e07fb387ec056049224fec1d83e2ffcf76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\05df3160-9f94-4108-ae80-d3caaca3b1fe.tmp

MD5 84c575314f8e810ebf1ce2b63cfa82e3
SHA1 36579c5ca174049900117b25c7c678d7d26ec231
SHA256 411e5b1761bd2ce378849a5700cef9a584776acbb6705806f0c5e694ccea0209
SHA512 6696163d5feecc51ab5da0f94dee8214d1c15b8c450a60e7f2d348d8e403367cfc9e87e6445746f077cd9b0efde4ff7f49f6546b1b4f588f03f969ce4ac75a8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e74c274f6198edf3cba74d689c8162d7
SHA1 da0270e4c693db8f85da09b5a9b29091b3bb65ac
SHA256 a8c651204ad9dcf0dc49d6b1792d32a0bc90518a7a01d4ea4dfb2b4ad3369a39
SHA512 34b4e1095e2926124370879209cf9f69a846e069511b35979b5f2a73fcf14aa74987f67ac5ef70fcf3c81430b2dffa2ae960eeeda67418506bc71254e49b23d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e14e1031dc8a655a56850ddef39da229
SHA1 1eefe0d237626ada6db0cffb7a46df0888358a03
SHA256 20e206ccbee19947671e0eac21685a01770aeadfad3b4db2ceb0e918fc6beaec
SHA512 c644a3740e881158484d99c6b1e26857a47bc4cc6a4ffc53707fec135017e822bc62a4acc3dd58d27d36bc08acdc4fabd0d04785895660d9594fca6055d8209b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434ab654dc4fe749b7049e5ecf817d6b
SHA1 ad41bd9d9e2d300745e9da73812973eaebd3449b
SHA256 82de7e17d4d0473d66d4acb10bf380801c2f7dbd795be93ddf34121532a019f0
SHA512 568e9c0b6c2a6bd9b6d2e691647ba4525ca1ad5f7c93a0da9daa29e8a594491db0b1a483ddc2b000c42086fbdb8a7de84113f26e335e210c574c7f27c412d098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf5e70003817f6c75921f6ea9b1f7100
SHA1 6c268427991de0712640050b81fae8705dc61767
SHA256 866b764b508d03168e7bce65ec38ba46c3e76ca67fd96c6e2a014f80ce6b3b73
SHA512 676d577d1ea823f44829c72aae339aec4b2482031cdb82716d0e6bd5e9b39499af975b0a803dad9d466d0aac78d59236e97ab624d29d9613a166d559fb0ab7bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

MD5 3b5d2af7160165eb6030d3f4a1d4b26f
SHA1 c71ae009789a788956059ff7c5fb814a0aba4079
SHA256 853ac96e0f99bec40e144f439e74b72d8c1874f6d7d534af7ab993eaff800e9c
SHA512 382c018828248321c40520c4ee4e49c17bca59c5b1be2d3557fb622c075eb05c54826008d4fec24b3731d4857e4e33446a7d79e89786d6d98b2c3c1c130c50c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d075fdaf81a38263d96caabd9d26f2c3
SHA1 1392d5974a5503bfef7a565f2eb22aa553dd80fd
SHA256 ad4cad0da06adb97d600a4f1d4a354b185943dfcf16da659a78848395c8d0893
SHA512 c889dc33515a92aeb5d9353d86f357970d2c9581b80b76c944dea0e7022a34b1f947d05f847d00af4bbe7424941d273a56f48485a9fa13f839cdc8b2065599b0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8673c336f0fb13c822edcbcca4373069
SHA1 d6ac7342188ca951c7a62a8acf21944de119bc25
SHA256 a641e33b953894cc1e45f7049d2a21970d108e7d767c81d650f5d797064aab40
SHA512 09f9b730eea7889e97a18823e1b071122f93076ff972a9f5c956e531a143963d91583b7ad4f5dde7b50c32a384d90013ae6d432fa6ba1a4e9b9abff4699f78a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38e92707fe84f10286e9f707500689da
SHA1 5531261805d99e8cec5719cb2726fcf8a6078600
SHA256 08fcbf60b809ba62e0f5a5867367293734a1e18d7fb913bc01e776884756daff
SHA512 71a2c3d2c44f4360c11d788f350a179acae39ac36798a99dca84c3c07b311d8e3fb14474fba8fd72ab3bd0caaaf8a8cb9d1d79bee1b23abaf10b9e94306c627d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93f68e1c64ff549d6d6e138618d6547f
SHA1 4e5e9ef603c338ecc61bb5ae1c2ba9e7a458d2d4
SHA256 715b51d0892396bf7118ab697f00ac3068f29cec0378ea4c9119dace4bce2012
SHA512 3e8d2e579b2e2196be8db0098bb580e26e63cfe4a604247c7b89eda35a9d2b23ca2906b56f04be9c2d1f71ef868d68c9217fbbb713781ee8a34a73ee5d4eaf5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44e5a0e3877deaa518c27f5c80293e4c
SHA1 1ecf56d96e5785a6a58467ab23d729cef4802092
SHA256 0114c040940b1a18f38e3dc272072764604e6d626add232385049ad718c36ec6
SHA512 1783e29dc77b48717984fbf038c5b7c1ac7e3b7bba27dbdc8f9eb26010230dc0b7ec13a3487fc3728512ff1a65be678060c9d6cb748cb5cb3e423c3c1e35b9d1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d1aacb6377ddda6402a964ce42928ca7
SHA1 653d7744b11ec549e26f2b99bda9a3ecdba3b6f6
SHA256 e782f5635f270acc6c3b1c8cef7d6a2713dd0b42ffb332657ae71dc79f673d96
SHA512 f0fb016762f6da4f7a90c1c131df5bb1d68b5a5fc4b376318f028b6e565b000db225e68f7c79d51b46cf43711b1326c7c45d1e07a913e72b911822f6fdd08b60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47f9ac0a26302767101568daed6c1ef2
SHA1 15c081be0e83e441453d0ce16d3ceea5b5588e74
SHA256 ad1b485b5eb1784999de8fec0123798e332e5b513823f0cabed974674528fa66
SHA512 693f3af2efe4b643f80bac02814efc5d3332713252dc0747a8350f7ce4527e7d27f5f2739bbddfda335c402eb739f6adf1cbfd5aeaa0d9ba0a7717c89e7da042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 461afaed8db05840694b2d2a800c8581
SHA1 9759ed7b6963974ac1efadadef6e304faec33863
SHA256 ac7e409a649206c8d4bac72d6ef9f82f7899f12463d3223c887f25f90aee1c4b
SHA512 64b439d06f1a87ecbd0d419ce557bf54cad5e6749bb8d2f92e973af49ea6e2ad4b6c24205e15d662adb765f77917953686b5c016a2a680ef4d1f4a197ed1ac63

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-21 16:23

Reported

2024-02-21 16:26

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\drivEn140.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{E91C7F50-D864-4922-92F9-4D565860522C} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{2C93E7B4-363F-4F6D-BB4B-E23AE8F0727F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3028 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls140.exe
PID 3028 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls140.exe
PID 3028 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\sqls140.exe
PID 3028 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn140.exe
PID 3028 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn140.exe
PID 3028 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe C:\Users\Admin\AppData\Local\Temp\drivEn140.exe
PID 1116 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 3368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 3368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 3724 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3724 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3724 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1588 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1588 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5116 wrote to memory of 956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5116 wrote to memory of 956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1116 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1116 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 4916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4412 wrote to memory of 4916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 544 wrote to memory of 2680 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1116 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1116 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\sqls140.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1580 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1580 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1580 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.TScope.Malware-Cryptor.SB.26060.exe"

C:\Users\Admin\AppData\Local\Temp\sqls140.exe

"C:\Users\Admin\AppData\Local\Temp\sqls140.exe"

C:\Users\Admin\AppData\Local\Temp\drivEn140.exe

"C:\Users\Admin\AppData\Local\Temp\drivEn140.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c5b9758,0x7ffd0c5b9768,0x7ffd0c5b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0cb146f8,0x7ffd0cb14708,0x7ffd0cb14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c5b9758,0x7ffd0c5b9768,0x7ffd0c5b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c5b9758,0x7ffd0c5b9768,0x7ffd0c5b9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3605658914540142535,3774086901354550319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3605658914540142535,3774086901354550319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.0.220799312\1116590633" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d1b1d1d-2c43-4a20-a999-73ee7ec36c80} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 1980 273ffcd7758 gpu

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4213498949492475792,2485912006582923296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17805639874566905523,12465623001540596163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3573445693053395712,5014657722549370831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,8630086422546745336,15339818533565130184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3008942809199729488,11248564326214153187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.1.311405243\1032738264" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34ca976-d1e2-4cbb-9cd1-fef2ba687cfd} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 2452 273ff7e3858 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.2.1952262735\243647056" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc531bc-7791-4962-b41c-1c6d8d82dff1} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 3480 27387e71358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1976,i,6807514963595208760,6368558261154669330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2196 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1964,i,9760348764058420898,1075456369149017855,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1964,i,9760348764058420898,1075456369149017855,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1976,i,6807514963595208760,6368558261154669330,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4900 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4916 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.3.43334431\730518507" -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 3672 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59e78646-d673-4cbf-9772-6a50edd00d92} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 3712 273873b6958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.5.2002512664\1119299516" -childID 4 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ea50dc1-f96c-4b0e-93d2-f30954dc0acc} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 4000 27387604a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.4.442295244\819193374" -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1693616-c8e5-4ae9-99c3-4fad5d29ae6f} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 3912 27387603258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.6.628207184\1917414932" -childID 5 -isForBrowser -prefsHandle 4660 -prefMapHandle 4548 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383de581-9ef6-4410-a10a-99d189ccfea8} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 4672 273f77d4458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.8.1718591655\1418208571" -childID 7 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f1c6620-d613-4302-b9ce-7dcb96da6d69} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 5652 2738ae98458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.9.356972101\944336834" -childID 8 -isForBrowser -prefsHandle 5856 -prefMapHandle 5532 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4be59273-5101-416d-9f0f-1069d3382e18} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 5836 2738ae99658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.7.1617927209\859067449" -childID 6 -isForBrowser -prefsHandle 5108 -prefMapHandle 5548 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a41dfed-2e93-48ad-aae1-297036a8d5da} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 5532 2738ae98d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3180 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4728 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.10.1368553709\1168946346" -childID 9 -isForBrowser -prefsHandle 2904 -prefMapHandle 3500 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {543107d7-d2f8-4e9f-9d29-768159dcc8c7} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 5460 273898dcc58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6008 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.11.1154704925\894637555" -parentBuildID 20221007134813 -prefsHandle 6228 -prefMapHandle 6224 -prefsLen 26300 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ab8ad88-bcab-46aa-8157-7a1740a58605} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 6236 27389853058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.12.2078649240\843734135" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6384 -prefMapHandle 6380 -prefsLen 26300 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30364db4-1081-463b-bd05-7047f06a2bee} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 6392 273898dab58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2680.13.1472058544\151520707" -childID 10 -isForBrowser -prefsHandle 6588 -prefMapHandle 6656 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae156a9b-354e-4470-8a56-2066a56b702f} 2680 "\\.\pipe\gecko-crash-server-pipe.2680" 6668 273898f2b58 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,12474782642408088159,18239428913422074581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2500 --field-trial-handle=576,i,17433700757628718408,4369865500769061406,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
NL 74.125.143.84:443 accounts.google.com tcp
GB 172.217.169.14:443 www.youtube.com udp
NL 74.125.143.84:443 accounts.google.com udp
US 8.8.8.8:53 35.195.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 9.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 84.143.125.74.in-addr.arpa udp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
FR 157.240.195.35:443 www.facebook.com tcp
NL 74.125.143.84:443 accounts.google.com tcp
NL 74.125.143.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 74.125.143.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 172.217.169.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
FR 157.240.202.35:443 www.facebook.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com udp
FR 157.240.202.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 35.202.240.157.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
FR 157.240.195.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
NL 74.125.143.84:443 accounts.google.com tcp
NL 74.125.143.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
GB 142.250.178.4:443 www.google.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 13.107.246.64:443 platform.linkedin.com tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 stun.l.google.com udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
N/A 127.0.0.1:57328 tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 127.144.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
N/A 127.0.0.1:61924 tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr3---sn-hgn7rn7k.googlevideo.com udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
US 8.8.8.8:53 200.130.217.172.in-addr.arpa udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-ntqe6nel.googlevideo.com udp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
US 8.8.8.8:53 134.109.125.74.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
AU 74.125.109.134:443 rr1---sn-ntqe6nel.googlevideo.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 201.108.125.74.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 74.125.143.84:443 accounts.google.com udp
NL 172.217.168.227:443 beacons.gcp.gvt2.com tcp
NL 74.125.143.84:443 accounts.google.com tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 e2c35.gcp.gvt2.com udp
IN 35.207.247.6:443 e2c35.gcp.gvt2.com tcp
IN 35.207.247.6:443 e2c35.gcp.gvt2.com tcp
US 8.8.8.8:53 6.247.207.35.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
NL 172.217.168.227:443 beacons.gcp.gvt2.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
DE 172.217.16.131:443 beacons2.gvt2.com tcp
DE 172.217.16.131:443 beacons2.gvt2.com udp
NL 74.125.143.84:443 accounts.google.com udp
US 8.8.8.8:53 e2c24.gcp.gvt2.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 35.185.21.228:443 e2c24.gcp.gvt2.com tcp
US 8.8.8.8:53 228.21.185.35.in-addr.arpa udp

Files

memory/3028-0-0x0000000000F70000-0x000000000196E000-memory.dmp

memory/3028-1-0x0000000077DF4000-0x0000000077DF6000-memory.dmp

memory/3028-2-0x0000000074E60000-0x0000000075411000-memory.dmp

memory/3028-3-0x0000000074E60000-0x0000000075411000-memory.dmp

memory/3028-4-0x0000000005A80000-0x0000000005A90000-memory.dmp

memory/3028-5-0x0000000074E60000-0x0000000075411000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\sqls140.exe

MD5 bee5186d252b3377c99c7fc919740162
SHA1 f7bc080ba9fab7dedfeabb2efd49168578a2152b
SHA256 ee3c5cd2b9229b2cd9a1f027fb11e633351b159c114c6778f926be34bde1a7bf
SHA512 612d329f80a03955ca26dcefb72ecc6a15a813642d0a78d5e83218aae50ef4ad7fd6f372188747150541473553327bede7fd16f39f4432a37d91cef99c95af59

C:\Users\Admin\AppData\Local\Temp\drivEn140.exe

MD5 6602ff4af6144bfdbabada3c2edd2df4
SHA1 b15bccd4d631b6b203494f169131bf326fd7fd35
SHA256 1ebbafe5f133cc75dde1a3569c29258a9e41ea56fc7910e977a7eb003fe482e0
SHA512 66997665e32066e56a3da64c4374feb03b7aafe26530787c26b3556556f12951db6b80cf25a3edecbe1b226afa8c0724364554937b32c45e3c2013c272a8a0d4

memory/3028-30-0x0000000000F70000-0x000000000196E000-memory.dmp

memory/3028-31-0x0000000074E60000-0x0000000075411000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7ee1c6757da82ca0a9ae699227f619bc
SHA1 72dcf8262c6400dcbb5228afcb36795ae1b8001f
SHA256 62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31
SHA512 dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7ce1d51b0c324ae153391f73477bc233
SHA1 ddbea302e4032644c37663528385fb4e0baac35e
SHA256 76ee7ce71a07cec82ef5601618e8a5f63e207a96b48e40639005d0cc833ef820
SHA512 329fd233605302d11b73005d7acbff5fff812e9ac575f0b1908d7b696a60902da9ce7b4af46e534aaad2b6427026b99a3acb9740481dcf994c1ad18c5dbad42b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d62cefeb0c8fbab806b3b96c7b215c16
SHA1 dc36684019f7ac8a632f5401cc3bedd482526ed7
SHA256 752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01
SHA512 9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

\??\pipe\LOCAL\crashpad_2760_OYYRDYTSGTDKIUXH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 625b8a3cae3a0fceef5b17ce0b7aa886
SHA1 131c14826640fe6d65efc2712edd8e6cccf5990a
SHA256 404cee4f23c7f82b436952d0541dd5991e821b8884b4e2caadeec18d95eb3ce0
SHA512 d5164e8ee5b3af4bd390310695183d6f6b71d49f666b2238a271a4e4d78d7ffc143bf630613463935732f27885d80e43f72e0afb300d17968921ef0ba5088103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 65bea9709402c87a4db559ef54678e43
SHA1 897ef9fcb8fe6a1c4383a26626274f8d28c2db91
SHA256 5fa5d9c2cd4adf578515687bdf8ad64717885b01b8dd567404e0c2bb6eb7aca8
SHA512 de1716d332b56ad68fad2b35ed1c89050781187451a79603017c54e2f78a0bcee83f1b722ce65101ec56f3f3edca9a5676d51eb53cb7d7d473d081c3846a1d8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1530b1e2e982443356e3f1b408c2f8f6
SHA1 4f1e4860236a0931a315aaabfbe5982353195bd8
SHA256 e68001964fe21c42654508d63dd655c4e2b1e060d2cdef6c54569c692ca167d3
SHA512 d64e11a94c01eebfd16d34575a9cbb7b293381d5a53fa5d8778d784276b8b9fd7b9f9dcb04f1251979bd8f01dec74ffd303e608df3884590ebb5c019574aacf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4ca92f798afd51ed0603ce133907de2
SHA1 1367d8610a0e533c43224916f7440fce57f3a2f3
SHA256 f58b15fc68778761c10ab00bf88095e366836400549c505b209a391ff55f1630
SHA512 2ed6c57622a61350b04de967d246bd43743c3489191b106699e6f068c223f0cadfe3bbaae3312fcc74016603fc49c52fe05a624ceaa61cd647ea5f86fd978ebf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06f170e23e78022f155a2f458dfb8ae4
SHA1 2d9f56ed671b16637b81a2d564300c3eeae48e48
SHA256 bf1dc8bad012aee9eebf8145adea9bdaf8604e6170693c68381a31d4718e632d
SHA512 5c4835f9630a14e320a304f90c0c85d598c5ae5d9998d7c75ab9b9a3d97dd449c3d2323c2694d202ae909ba09568704575389b082bf90c7499dcff69aa6b3e99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0edfb0554a2f8508332d84ba7d78d41
SHA1 c5c0e1bb2e73d8851cc1dd072cb9587a44d3fad9
SHA256 591fb6194492d453942dce25c393374bcae7d756a0933a1803c2fcdb15758246
SHA512 81ddd473bf831bd415a398ea0cb763ca9c1aa2140401348f149019281288163b709df2944b856b6456e74952069ab1edacd8d324f4c062ad238471e210a6aae9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 57b81895394a0ab47af1e82b23084725
SHA1 4eaeb132b0d6c911a421e3e5ad6e70c974f1f843
SHA256 b66f49aca2e662552f7d5d9e49632ce2a8c21e540b5dae11681b9c04d3a0cdca
SHA512 6e8b18427b46c452c8a28a5bfbb4850795d5d550f8956b37db9ec213d0e1b048fdc3e34ce48a488863fa957474e58e73829cb72779157b12fe39206067da2930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 70fc8219d0ed1717035e8f244f657288
SHA1 a6219970aabb5115445019cd105f333572c3fa73
SHA256 dfc85ae14cf06ef9d123b63d67830782c2a7782e6f8e06f5a620889a2b2c47f9
SHA512 eb48b0746e30b3d3f2a09b23afb908ebb23ac414f10e102b3f48a60f27f3ca6494e22387fb13d006770ec6c7ad0af7a561df370b5b502704cebd44941c64848b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\datareporting\glean\pending_pings\f639d34a-aed3-43ae-bb0e-c539a747d03b

MD5 0d5e6f9f2cfc1e60361a87d88a18f0f2
SHA1 87206e1d9f730400b1acbf586de0d1badd0d89bd
SHA256 90b8aecfb0091839c0c816f53de4a3d45d73aa360279a3b3ab358c410726a28a
SHA512 ba09cd8f6c2e33d6f0798eeea0552547cbcab5196073363f15f8482472a18eb902b2ef887ce135cf5762a9e06963575ce27ab51cdfd0a99e5dc233e385e63e42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\datareporting\glean\db\data.safe.bin

MD5 257d6d3f3a91b9e016c61a06f6ab7d83
SHA1 9197718106bf612b8ee97700135d028f8eac072d
SHA256 ab6fc836fa9cf8290888628e0bc2b1b2a6462ff61ee17278cef41386fc805d9d
SHA512 d5e5889cae3c06cc54a1c538fa933183f0287214a51ba2c05b41352137393d65f687c0131e073f199a649c1887a1a5fc1a7375828cebcad0e6cb3a09696ab509

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\prefs.js

MD5 160fef39a48147ec2dd14d816ad15dce
SHA1 30ef3b16eff74356f85c8319b2eb21fabf2bea6e
SHA256 cf0a9eacc4e9adac04b962b49d3df0748f9756638d106277d389a5fdb2fff030
SHA512 0cd8d185c091a7daed6d3423eeafe35e70475cf79d49ed81a5e434a0e1d4cb84b997c5772cf363a8e1911f3fedb1364842237897b5cceaf5b9b5ea0298ad7686

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cd2f7d228a155fb2bd8c1018485acd64
SHA1 5db882d367e11585d2a359db884dd40280053939
SHA256 ea36ed5c2042ab1627bd6f25a30660771916a0e37b7a71b6a2c2141c583c4cd8
SHA512 bebdacff148c43bc240cb3cf3c60ca5ade57d065993c9e49d9af43be2f75bcd4b155fab17cc505ac02c81e438a44bdce4ddaae81c69ab124a936c2463010d47e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8830734bf927cd9f185ef95596f400a8
SHA1 d3477a93c947bb02176568ed2b78624a53b620e0
SHA256 93027dfea49a5e347206b0d7ef0dba5ef367018593316b315e464816fcf9d9af
SHA512 579e84fda00d781fbfe663170b193e7a9c283c5d921c6b4bb50707574d30df6c3396be98de537fb15981fee123c2993c8b1cf228c5be393ae00dbc11cec58aad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 2b9776807df1c30ef66c45ef60237487
SHA1 17e925fab39688d0d907687da86f566e283ee63b
SHA256 58a7c2031d7dbf5bda9614b64123996aa3bfcb5a783f901145baf087066c04a8
SHA512 e67162fb491ca513627e9fcb69a5db19a15129856ea3d01c2f0b5add061811bc5a0d4b6d8e53e4d7fe155b3bdf4a786cff697df5165368616589b411f8fafcf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 76b556a4e08dcba5fafbdb9c889cda54
SHA1 8f5532161b233e8980733021afa54df860207d68
SHA256 95e652878e4e4a6fbfabd94ae715a1a9787b1ef3bd9d56ae1fabdfb69a1dd723
SHA512 924ce8d5e347da76a082dfaf0ca4bb143f6a006fd25761642a423d74fbb8bd712806a45d5c0e4306b3cc253cb11220f75d611a0cfafeea68691d49ca5b3dd475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 34f030bc86bab8b5ecc6616bb52d4879
SHA1 92f37cfb409de459f6d73a179bfeff8c3236c80d
SHA256 981810ed95db293aea6390c2b2391164215efa0327e87b739775e8ef18398473
SHA512 8424894e6d37554d48b7fe149d85bae25f4f93ece48fb71b2209a7aa9d591430803e6ced413cb7ce39f165c2f2696ead55ed490ca55c8fd5dad88f145c3ae069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c0f11b8117a46080a3f45040bd3338e0
SHA1 250e923038d70edba34939ae785d8541184b2c1f
SHA256 bc66b04201779e8628f8c32f20e0ac6165053a7d11d3e12d41e86d21f1663b35
SHA512 82b1e580fbfa6f0fdbd926d8aa34dd16847bb76131acaba8f8e767e6cf8f95158fc5b0535686703c6dc9e09f0c5214bcfbcc7b48b97c7203a707d5480d7c2309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 134ad4a1427f973e5b74f9a4e4e7dac3
SHA1 526357a7064d273adedee4d585c4589c53566758
SHA256 4c88fa72a2c4b797571c8f60c3f6ee141e36af2349eeff2ec6ecd12165b1c642
SHA512 f8fde3100e15e12e0fa677424572ca97af11ea9b0c1c37dbd7b3df998b58d7482758671a7792bc511fa4a48b480ced7f3b26536845f12abc8f9b945a709fdd41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 16c1f2fad93384ad557436dc3a198045
SHA1 62df90bc8feb84d60b836b93c03aa72fe68b78b8
SHA256 7efee8a1634710b101974215fc7b04f065727a6f62e94a66aa2b003a089948cf
SHA512 d0401a43dfa7762e5b1dff483c3e5905d36c01651ba62198cbfd03f1b9c79a4866ac2f8428f03d2a27be5b73430db51ae0fbb333ed717772cc2b600e67045f8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 ca48bc5128eda3b07f5f99d07b0fb83e
SHA1 651ccf01ddc54ccf0db04392166050f7055d152e
SHA256 03628fba33c2541c1e77de3ab670f3bf5fe2023903655ef78ad3798a340f093a
SHA512 5e9e1ecd030c640ee074e7c70dde39cd6f4518986b4fad369a6b02d2aeecc68291f8046521d5934a6e123ca192c51ce4b6b01f43837dbdc2d2c7d286b6db691d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 994be7b8da7d9cae1efab63640268927
SHA1 bc9b7c9219ba6525263aa079250d55f31ff0cc58
SHA256 f995259203a3e4569be9109dcd060a875389d2bb678d240a8409ccba6036448a
SHA512 926514f061265f22f6714af0896bb062240fac968d66568e1e703a28aa12f2c026072bdb0180081abd0dadd2f0341496785564986594165006a3e4d121925382

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 a9a95e05bc590fc4d4a7179ead5212bc
SHA1 93baa81455ea8b10529698244b70410f3cd8d677
SHA256 8bb030ea602f2c0d692893de9425c80792ecda46a088c84487feff92a579334a
SHA512 1313ab4341b422a898515a2f22fd9cd63f18ab26bc7a58c65ae46ffff18e5237f45449bc5d0b2648e5c191681349934aed4ee2b20175b4e5e41004e8e240c386

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 48a1f77ccf0f523f5c2864f20fc9c4e6
SHA1 a97d896b97804750932a9e8444f7a65cfbb295a2
SHA256 0097fe392f2479647d8c9f3840c7ac49f8296b1908bf0e99722a86f223037ed8
SHA512 e89189bc54043bb14f6535b55ba9aec1f27cc36defeaa5274e5f22acc50854bd9b34073a41649a4cbd66abf456bca5b1a695354bc4de3569c9bba9a494e05098

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f4d85f91b51d257d19e821809a65f08
SHA1 bd74fa13d0eae5cb0498521fa1e9fec95d770c76
SHA256 e65d3c8f279baabec44394284668f31c30225c03b578af7dd7a926467fed12cd
SHA512 bda3f23b095167deb01065ec601955fc6c59922769e5f88d36308b28d6cc4c20ddacacc3e57125c2fc877c10f1fa4335eb3cb3f9248b79c6adc0d6c146012eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 43085ea54a279b1b63cdb97f59d8a6c3
SHA1 32e6225f092a13e31b947d000f282299b854480c
SHA256 e6cfa6d1b5b0c29f9d770c50b0ded30ac1253c8aa542125dcd605df074e2aef1
SHA512 e15d4643c97a44e3bc279f5f24763e9cadfcea2b43610d838a521a1a51d8e01ef427b54ef74499794401a56c37ae746aa5b237cdd0d6d60f63896b0806218c11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 1fb06d64a31ae14897b32859b51bf579
SHA1 9abe6b886515acfdc78355fa62124c9e5a776e81
SHA256 58b886c9ab1a48b28d7cf53929c49240fe28e908325e0f649f5ce07ccc80a223
SHA512 5d1b532a1591a6208d534f067ffc777407c1f6c414740e7414ef1bda02467208699eed335f6b342accc5c7be422e8538c41884bd580b4ff7da3b24bb71a57dc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 d9e515af74611df1cc84a84c4b39db48
SHA1 9f4e06f02fc8be5932cd334179fae2c7e0c95eb3
SHA256 0cf1910eb1a84a446d4cc50be7473a94dcaa7dd67ad972cf7ed8abdf139c5a99
SHA512 6e614c7a0df6aa120c8875d58e1897f2c05b0266dd0dbd1b9abb39771dbd0385836bc8df4bd61fe973dc059c9e9f3928c787b9fa8dbaadee209c682d32be7c80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 468f56c49e928f7324bb12c425b1028f
SHA1 e62a69dce5978ebc31f113e66c8a298cd812192e
SHA256 281f7992219e8282dcc55a27a46c7b7391381f3b17e23bfd859804051ba46228
SHA512 ae9a65b88d3c9868245d161547f4759b58c16935a50c3e0b4c17d966b302ef7253c66539b14c6897f2eaf53da75848ded6c7c4086cb48f2a2d6b9eddab45209b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 8df0e8473c75e2ad889dd2b85219df44
SHA1 720abbc5ceb4749827489a40a753bbcb60ff18f8
SHA256 8b90fc7410654205631fa22acdb38441f6fa563b50c92954e6e311539c1385c5
SHA512 a5536714eb3359f8a9727a4b2e28193a9719aa726a756a80b64a82d6cd366c5c45ad87404b89a12209358d7002a873c1e0e089f0842079fbd3bc54bccf96001a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 6cb92900a5ca38a5dd4f121f7c8ec9d3
SHA1 b3f24fb0111213d35513025aac6df4610393aeb0
SHA256 0b63abf73d1270072db188b81a72c82a4c29a34fa88cfe59893ceddcd53bf6b6
SHA512 a37edebb49aeca31ad249fe04d1d705d674bdebb240a564483a8c9b8103315d0812c1f5e47abb57939ed08c2443f2408474f8579a199226209c09f6de67d48d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 f691a41cba77932a4f7c300ed5c62b7d
SHA1 7802b4247fd4181df23342aceaeaa90855800460
SHA256 36bc7077c52efcd306bf602470b8c1a644b0fabc54426ebda8bf709bbcade23c
SHA512 0ad22ebaf6e1649ddb12f25686f448a7a4678d3312e8de2b8daf3f9dbbd7d32daa0f4bce5b7793404b32fd485fdb7dd5cbd74b3f3e5cbac8c44bf51b814e808e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 702c687f72c3cdea66615d39f3d46e34
SHA1 6e04d4a8e42b5a58c7cd2b5b2376a69b53dc4028
SHA256 e43be2b65d7a9f3748b8d91c7c31e863f827071ab8bdb5f46e156dba7387c0fd
SHA512 477fdd3a591fd05add7ef5b22d97e172626770793c0e927d7d800eb17f52531c50012336c25fa142b24366e581b89c51b857ac5643deadf3ee7dcad534a89985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 8f3103e5460e2045cdf20bf0e3fbba94
SHA1 a2b2a5784c9e48ef1cb784dde42a5ceb71adaa35
SHA256 d732fa2a733e966966f224ac695bf6c7894ba5d0bd24bd2f647ee7c6f26dbc1c
SHA512 e2b7fc62981890f5c23292136297399df2596d00a1d7e821c7aa02ae5c28f19a9cd11498cbc6e24b3d673d88f71e58b6fe6544f541e08fb84eac566f09aee829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 f84999b930ffbb64c161ec677a00242d
SHA1 a0c78d6d2c009505356cc830ee09aba8eacde7c0
SHA256 25bc382c3a76241d9e145d08e9b58926c950b85b8fa9126984bec03133edd34b
SHA512 ca8d67a2f766b1e9c9e071f9c9a8ef9c03660975213f291d4a5147a27a27ab27ebce616c00f39b4ec51a4fa959e2fef325fc8356b535ba3375acba375c43d8e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 fc0a3bc01331b4681e17e4f52be8b071
SHA1 ebbf04387a871ab6a142d53dba0eab993abbafff
SHA256 9cbdd78b7c0d4568c7c5eef213495f6db4ec52838eae56217bc1204a3044fb11
SHA512 da9197c6a1606538792aa48681eb30e2076c654fa7a04eab38b8677d576853cee29d59d1d3386712db8c826bcbbd930c22afa552bedd53adf4a0eeb93ac42a32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 38dfe650b8858408ddab2a5288a89467
SHA1 769c4b2449baab39b7faff79aa35d2e3198e175d
SHA256 e5d1e2e56f5396866e6e98ee3373eb30454ce07efb0a99f30eff45a883fc9fda
SHA512 e14b9166ac49b83722a8f0c859979d0051f30236648cc772cfbd0d31c6cc39307c0c96847e0558a66ca44c842ca0501ec052aa00c0b9aa010f1f49e60f9cb674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 93db2e8e9bac32e2b623df7c46de52a5
SHA1 df88efb26ee6c3f02df048b0596cacdd0a3b963e
SHA256 e8ed9d4de974907942eac909a69f186a2a316351f6df121769d7656ca79f7212
SHA512 4a9326337fb615029bd215acf178fbe5062228040a661304ae04dcbe9dbc1198e94c29c0b5d93406304042efd0e061ff09d10bc96fc3f82fd3600dafd6e1facd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 7825534125602242a9d2690100cf8cf3
SHA1 e44a5c5dc2fe07bcab01bc59367d7f369b81452b
SHA256 d5e71e3c4e7a30dda8ea1af3920e54f7e8d17d9444310f42a92295ef09ccc0bf
SHA512 fcdbcc8f6ed558a138483809924920af544ca2feed29d8a107a089d33018ead582f9f1b0cb4d211ad80337f37c274f704f16e407814a947da0618aad2ea46764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 0b3f71863f5b8cc6dc0111a2d931c418
SHA1 f1348bce75960c215ff1586ddaf7cf98d84769f4
SHA256 eac43cc35f2d787bbb6f2a1baa676169e14b9840c41350117ca5ea1b6c963c6b
SHA512 86f6b075a4e91ca217e1eea661bdc0b7df451d1b203755d21fa055c538e2ab3fe41cae5dd959203243e98583b11f28c6bca74e450cbb80de7de76c4f17910a58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 1e7aaa1c62d590e838f02b6fe33dc9a0
SHA1 9a7eb18bd60b87ac6885a6c68b736c85ff8a7ac3
SHA256 27fbffef641a624caf396d507475602cdb3ad2a430b718a83ececdbf0010c2b4
SHA512 f6cac42fb55366e5ee788276543c5c5043696ad0d9312a176257d23c3ac420e53f88ec83071a6a6fad58d0fd1395a08b6e6db6cbd27aa8f7aa0e47b6711d085b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 ddfa55c63ae0c44ca90eeedcf31ed3d8
SHA1 8fcfb2a1dbf341e023b488bc99d0b3a90b497d5a
SHA256 0484b79037e1397ab8fef1045fae57665a2b8938b6f628f01d256962a7002f51
SHA512 ff48a313ea778a6cba3faed81f939fffe54d6bae422e868162dbe1ce920fe69965272e671bac4cd86044fba871f34cd3dbf1c2d2fe87edc6e442d804f636cdfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 75ebd161ace4b2a9e14da792101f7d46
SHA1 58f0a94f226f223e8491ed0a2e921c1035e7e8fb
SHA256 d1dc85a74d0762d2a08cf12438121900d9821a361563ffe0abfd6a8d0791c672
SHA512 bce5420b1ade111748c5b085b63d9f087122f9f12de07e587e59397262090e4b0d34d3a55bd542e95b32823c436f6ed22b5b587c0d0c20234764c02aca4343fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 f829c1212309e34ebc95ef9366ba3921
SHA1 1d21715e60c33ecf78c888fe8e282c138c025eac
SHA256 d725c0b6a2355be9728c8f81106ec112180d24a5963c75cb5cb847163f1aeee3
SHA512 5c07ec7ed08b4d57b0dd34c16a68be823cdd0a0f56646e4f6ee6bb39e49d3f3b8d574ff0e5b789af8c86caa0f9a15daedfb4a4d759b89fa0491757844bed6fe1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d4ecf580582421346eb698748ca90e39
SHA1 97fbbb6c6eddb81e6e6348ec18cd1beba61943ad
SHA256 02b26695fce37d077945123528b1817ae5deba620902c5f2ee4afcbae93193c3
SHA512 5f1ac0b452a8e4ba5f636b4655a28e51c820cce8f637b660fdad89733b155c0772509a6f7429f14e77eb4f4e2e7b7c568bf1a4f889b92241456d1e57c214b8de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3519ab61dd865884de0f01731ca6dec3
SHA1 c36561250000f8ac8daca0db87881a0298fdbcf1
SHA256 75f37ba78d7a80baa6da6bad03fd15252eabfc9ed2ede5439ac720a1c0424c7e
SHA512 d88e79dc43defb8b742bc3afc90a05830ebb00433c5928cd216c06457f785e3a77a8001ce95b9c0e7d6676135d0bacbcde572ec604236304c55ae61b94d941e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798c5.TMP

MD5 266ff94839fedfc693f373cb4a9ed89e
SHA1 63e1dab15d932f01c441abae4be1947017f52c50
SHA256 924278bc84891c787bd8ded22c986290cdabe4bedf1b85d76c3e50b730c24277
SHA512 2f04b280b4767153af4b00dba4baef6ef29773fcc483e7dde098003b8e00cb02ff2fb9aa468bdc6dc5b0c1456ab9ec304b3a87e891fe330037a7e6dbd6f64e5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ced29239c0987a1173327597a9a23cd0
SHA1 4bb6d0babed04f99022bd62a57a1baf1e066cbce
SHA256 239c2adbf634288b57dfebfa87e74f9209ce62fb5fd7dde984b15d9445db9767
SHA512 7fe75968d2769148e5be7ccd7355c37cd09c675ad4713938116fbe09b180aa099d681df24127adad48ead3af03ef3749c050163ed045d40c3e0428bca778e8e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ca7a01dfc3a7cb94acdf2e358ca210a8
SHA1 2d4f7830d5bed8a795040566cf709fe512b3a14a
SHA256 d751606745496b41d6dc3a81b1b1b7ba600e8c34b8da2ebd87a4c775ec5492c2
SHA512 0a25ad467a0a1e94c38d603b70f13e499c2aa28121d623d32b4bedd30d9104a6a4bba864c944c05953af6c6e67ac6db15ee0b85085ed7c0c65a3b33ff95da47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c1f79455b3912ec64b6b3e781e785dbf
SHA1 817260969f79390f2dc65b1b61bd33f6148d0e4a
SHA256 63b660e9a96fc5f56b9563ef185edf9ff362c2b1952197ca16d89d5dfcf63098
SHA512 d195646a2f1f1a62d5ee3082907c53f9c970b2e2dc37f8d28bb37c479fad7d7bef497b8304728339298dfc2d0d6d6e57abf197bf14e16cd9dfac1ab42a1219a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 580d9afd370f93a077e809a4bab06692
SHA1 69ae7111092aa4074606bc013f18fc326efa93c9
SHA256 2b4dd33a001df5f0f3a6553fabc1ba65e6537777b3246ae036449764e0a3d028
SHA512 e6a8821dda9d70aee16242c1551ef3b84d98115736e2586785cb59297ae5bc4024712e83baa337d41f5c8aa9351b7cacf4306464f2ef38d93338929b3b5459f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8d09b62a1e7ad10a2569fa5f6d0fd73a
SHA1 f6c5021eeae052eabcdd78aafcb44f5ba8a0c675
SHA256 d6722acf3fa23b91c5a2bcbdf888eccbc896539465d4302b409df3aed8919d3e
SHA512 e6c098c52acbdc192e63f9bf1d79295d8fc7ab2c5017b31b013c824f5143233932fae30f8c0828656fb792e454abe73881d473dd93301c8908bdc80325ff8326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 5c29231966ddd81ff2b17e6b20d3ce7b
SHA1 38f65bbc6c9c1d91ba10655fd838b20bcfe87b85
SHA256 61ef23883a4451854ab99022674cc39cd7b6bcad4f06ffef3ba32635e5fb52cc
SHA512 cca59808c677514844fd087698081ce2f7ccc76c5e08058b9c3400f67eda6e024b3042c377ba328cb40a6a8c51eacd7fee580b757a33b4ada63472207f2a82af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe57a95f.TMP

MD5 3bcf514209757935040c3ada5ea51a90
SHA1 89d50f407979b9fba86555591a5b98f872147f73
SHA256 f94202c6ba2f5c3f81fd43efc8231c1c9b89af3c769856e307912694fded3e30
SHA512 8716c8c79f7e44c45ed420a30f4759e85bacb0d733516baf6eec546a59fd0002eaddb7f2927838980c5713d58c8a369572140d6dade92fc353de08d61fb7b5b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4793254bd1ccaf298b806fab62830ae6
SHA1 e43ed5ac4312f16ac39d69ab65a96b990f797994
SHA256 f25d58c3ad0d6315ed2fd15a5241f4f0bb7c68631bb9e1dee0d73032a7962ab3
SHA512 d1d15557dd9b3c3126e0c1192158ca15ecbef5865a1e7c99804d4adb2337c85a4d3b6468e659d6cb78190e3c9a38814293f7f33ebd111b14002f396db28563eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a96f.TMP

MD5 3cfa9c4244029a9e375b2478e3f73ec9
SHA1 14a07e6441a1bb269f262168a4d37f9e50402503
SHA256 8de2545baa5cb5c5fe4c7830e6995a4bcd60e17096a3583f4f70ba224cdc62bf
SHA512 2005a65c66c1395de629537f255bf1f93a338836bdaf68be9d69adddfac602665d6dd47dfdf5f53ae588ed694a8cb72e15c7306a69753fcf99b8ff5a04098f64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3ce3e81af977fcad632c2f0023f86dbc
SHA1 7c2738c9179b4712e9f1da963011ffba9b3717c1
SHA256 055ab37c7a4287c5ec691084759e80a1d2d64ed742a461d6eca765d9d0ef9582
SHA512 224e1fad0793956480a65ecf7e65fb76f3faba6ce7fc9b2c8590f8ec6e171a2451a3f7989b464cfc55cf80e99e787ae4e7971ed948277b98b6501ec1328a6cd8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\cache\morgue\69\{b2652872-b9cf-4c8a-ae05-f3056736a445}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r67w6m5l.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00

MD5 ed90c91031aeb855f3c5a16803d7c334
SHA1 0e295f553dbdc028f81b4b170672788849c89955
SHA256 da5b1c55ca23ef9d2b657b4dd1aff09db66535e3d2b9be48da70316b4f938214
SHA512 ffd21f23d32f2856a7bc5d27447f38c4ab09603bc9f2ae2ce08fda934ea66a710edfc867c2f9f352352c19c429a9ccb9bda0c44fab923ed4c1cd625219191d66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\idb\4262063064yCt7-%iCt7-%r5e3s3p9o.sqlite

MD5 8a09b19babd9ff9c0dff21c37fbbfff3
SHA1 0c196105e39651ecc8d9af360eb80d1cf2138d86
SHA256 9a70e3a785aafa3415e9217d0715a641d8c5cc504916975688d98d5ffee42d56
SHA512 b926213ee50d61c4dd218c05a0c86e7d2dd412aa7561a1d067ef37e2be63b4fc5d1833fac0d44784842c7df8030e2cc9af5f8e40544759a9cb4a38be4ae1f3dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 e684c0e5d0205775c9a41cd3618d164a
SHA1 bb8f17b78b6553cfb68fd1a601ecafc5d318d404
SHA256 dc1221a4134ea1bf9d8b2dffe807d9718927ec994276c87f606aa031e6a2e4d6
SHA512 0e518f3490afe35a37406b564b96da39a6d69345f94775ee02c0568333e948816ff2eb086fa24779a4b7f0b468f686d1e137f50bcf4b1c7a2d734fe6f8b1cdde

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\prefs-1.js

MD5 023163f64cb0a0a0b98cd15c8c2ca235
SHA1 b2154290853d8f44735d4010a3f57394d1393ab5
SHA256 9d422642dd062ec793ddd94746ffe3651a8848805db1f45524219b2d202a11a6
SHA512 d852546db112a1f3d9fd54a60d9cd1c17e728957c61f349fd139013dc406f79ba36b6c7beafd3f463bb4eac726c9a105ff9e540a51d1071d282bee9c98323777

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4f88d3eaba6ce5aa3cd357788318a49
SHA1 94201345b049e13cff8989e5e05c563fb7adaaa1
SHA256 510d37635c51c5a47f63e118cacce33474ffb6cc3a812d2d48642ad1bbea1bb9
SHA512 c1570af08ca0124d379778148022818cf896c73d28045d5a36b4b5755b5716c54b3290ef4eb054ed58c9b0a879b2742d5828f19cb829a6d39b33a76d0bf36479

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 b57a4d6c2430e168dd0b10d84647fa2d
SHA1 9f9646e8f2b05e7588ba104cbedadd600ccd16a9
SHA256 cb77e363f5f3d969712969a5c6319c9c592436f13903d39a44c824cdb2ae455f
SHA512 b40e19f408b984eeb99db9bec119297cbc03345f8e68fd09150c6b175872e235098adf3b729f3dc9ff765f587680c381289cda041105d1af7f4e33578bfbd0e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4

MD5 79dff4cf32753461ccfa5d92b101ea5b
SHA1 96be72c09aa98ec2e1c721d12ce4ecd1635ec900
SHA256 8a235020b3ea26e0abd6320d99f57ece31f868c736c7c4e4e1cfb4b6dad589f8
SHA512 caf32fc3fc85939f9e0706a9d1e97f44f8f42db49662dc90dda9632c3da6655469f5a197bac193c8bb04a472387dd06b78a381e342a6cfb4998455d50e0f03ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 bd12a49c5640e4925bfb7c0d97460f50
SHA1 f5bbf13c7fa47cbccae37965ac6f2b92b29fd769
SHA256 1661877b80d50231ba9e5c42f7d895d1a87a72f98125258d3172354d9886e80e
SHA512 351202619343840418446362420631a9837bb6bf3761f2d52858794d76dfeaab296bb4155a96ea2173677b7d28e831d475691f478abf1ca6e3511245ca62345e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\cache\morgue\137\{0776096c-0f01-4a2c-be65-6745ea139289}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\cache\morgue\236\{29df5fad-27dc-4b94-8a7a-80b84643a2ec}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 014f35cac7e2e167135ed55cce52b345
SHA1 317d3368e3bb762d69eafa2f9013fcd39ffd8f60
SHA256 3585da690dc74e9217d51e7f1ac149e75dfdca5de9cca13b47bf21ecc489123f
SHA512 47be0a61aa7004d5c76b2687e16f7747a9a8df6a69290827cfc62c1c0588212f1ecdb81973fc718135ff4ed449e1104f76cf061cf9b9fed0faedb46e16b5ac6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9069fec86721018e1c5c01a200eb8565
SHA1 019811f9c7c9809587b1beeabeb91824ffb89b47
SHA256 32ab5c18c46e496e9acb8fda2153ec8241c95364ab7706616c55ffa70bf754ef
SHA512 ddc7af95a31fa3976f2374a1106cbcdfc8d4d5cceaa38c6b73b72853e7430f637eefe3c5d2e6dea809839219365afb19fe361e889149bcde57ab4c81eb86384b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 efe4a015f228584a379f421f645d3ee8
SHA1 99326fc60fa46ae353ed03cee7928da5f9d75110
SHA256 df68fa9e21c192fb6f8d44922c0f71c1ce47d21e411a14e32af37e4391106f91
SHA512 1e069f3cbef8e1759b5d5ada60f5c4d82d62cceadc56ef898b40df43b8a85b9640a6cb77513310b464e78bd3134e79979de2e0fa0b1fa20ead2f33a03e7d6164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ba72d74bab1d75d9344c2cb205f9b290
SHA1 814a5bebef96c15792fd1303c9fa59f4552ea587
SHA256 5775784d0510c7bf84f9d22d1340fcb557d763cc4a9571b4b7777b00842e9d8f
SHA512 c1361291685fabb8c990fa553bdbcabb090d0d019d7cff797a95c69201d947197204bd0922f8750ff7e7ddb315cdce078c2d53593e30428f7dfe0a6f1a64de90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 dceaffdb8b71c7602e30c9ab1cf4ca99
SHA1 4a3afd70ddfd9a50a2dd881ac5bf085d6872f607
SHA256 b9cc408770c8640d8588c45b4b98d8f59ceb904335b4c146abffe5eb5c64938a
SHA512 4de141a535a4c8b91ca067706549fd7021f4289e44613bde154d59a2ba8fbc84447e8143232db53c889bf78849147a2b76f408b2ccc5a1af354127d46c0cd498

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a98b9782ecff883533588a7d0ce9b9e
SHA1 48989285317b4340086937c882f40a3f9364609b
SHA256 17c4713b10d49adbc8c36e280dd2837f8d23d621799fb1d509acd29616d8cc53
SHA512 170c78e15d9b0292f6157cea6e95dac23042a863ba9b46522f83ee2f810e3a5d1d9896bbe1f2d3e48bf8703d8df09bf54c1d09f7393640495a6c49b8c2ed471a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4

MD5 473fef43f2db4ce6faffddd1287ac3f3
SHA1 bc237e3d931180664ccd91bd9edb99fce611d5f5
SHA256 2fed70b0a193ed23b6db857e6b69d1b602a53deb9c2fa2059d3c9ca7de1ce941
SHA512 24adafb37c87042b1b8eb66328962dc74ed7c2562de999a43551d5cb638c3f96e1cb5c67b177f54fa3dd2fb0012d27d4a5aff97a48567c4d1c146c5c7448787b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 709f7544bd3e74c424113e6853948595
SHA1 a8c1d9e6c8493091727f0e303e45ab92b773343a
SHA256 0f2a35c8b824d54b483d0b2ea10964bb7af8eb6b1c86d40efbac4c55e1123a2f
SHA512 c2ed4cbb5e48d04eeb63c94d7d88acec5af101c2da003a34379023d8454d810ae357d0b4265da7027af38889fe307ca597f815111295ed62520f39aabeb2020a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 7378f426d93d2f806b536db7d5d1ef37
SHA1 3b7a025816a583f4d77e2d446666cec3d280143e
SHA256 d40eeb6f1bcee392df7288d7ebb484b3e8fc769fa52d13a41804d59573799087
SHA512 44fbb6d3b806dc28ad340c33163649a12fbae9bd70823ad39da45a36e3325efaea3e4d060702d0aa08f417592b7a512b967610e361b08101e7f981bb9cedea5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\cache\morgue\182\{95257ef5-e0ac-4465-bf9c-c90cf0aa6fb6}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\storage\default\https+++www.youtube.com\cache\morgue\214\{002ce531-4ad8-4b16-9d6a-5868c653ead6}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 d24ed778f9b38f5a073917f49ebc96fa
SHA1 a12e182cab5ffc5c142cf0a083396a3408a822f0
SHA256 e6a685b0c8a6ad3f5e8f1df65c8f576f0132060670822ce585a3a8c69ecfe85f
SHA512 205ed55d3a1f04962551f80c864e4f2675cd423bc38141e6f36118b68828a74fd27e601db707514df32f7ed184c2bf87026b56b97c36f8eef3460703ad548244

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b243237b5ab520fb261e9d3ba52b93fa
SHA1 38a1d4918ece3af23e77102a6a4ac6a2b33b7c76
SHA256 e3132d964be148d53bd0b75990c50450b49d2a88376ac36602b073cb8f0c908d
SHA512 adf1b6b0cb9245d9d63d8ed1c8bad44e3fa0a8d98b1529d0d485e05fba49727ef593d686b06628b47466aad98458b69c0b6cd04f9053c15b0f4ac4fe824b1453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5826bd.TMP

MD5 7fee4644e28718535e800df8b65e07f4
SHA1 b1926b2d36f3ffdcd245d06595105aade5c39a11
SHA256 108f5d42f6ae3627c0275e74d68f638b1cf50663025ebd601db1d62f77075f86
SHA512 e49f6d5cfd14791d3531578608c54b7ae4cfe870be484da7f2361058407310beaa24d9f4f73cb7f876da8ec8788c45e6206e667695b15572915be34f5716c763

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 e68ebb991faa443bb133fbdfe5c1a643
SHA1 0b98781def9070bf1012d391818da9747d67d92e
SHA256 b4acd1440dc26be83f1aa0acc3c8ec8b031e34b0c8befcea12f3d46e34a0ce6d
SHA512 7a10a8179fbfc973d4f5ccd0c126e92a63b3cc924c3cb29f500e5842e10446c86e00ee6dfc4b21dbadad106e7cdd91006d257c8e0f2db3e70bd52e5019ab3a82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5832a4.TMP

MD5 d818195beab582633e7e4851c1f0b611
SHA1 461457dad863e6159298e42616bef3e53cd50b46
SHA256 352ea958123eb9d5bb2b6c1c8f883af3c93399ecdd45043cd84bba3b7de2b3b8
SHA512 ac22587b58cf14073c82f76465fdcc37813bae0affd270f059b025235a9f3ec28d35bbec72b1dfc8206c5e3f1d0d16d8742d38fc1213d0fdc94f9511a47aee50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8ccc9af1365115cad8dbccd8a30db9ec
SHA1 b7f8561e19e8a0f463e0839e2b7267b889e91f4b
SHA256 e56e4beb80a69b5efdf68075649a5d59287b1e570c672b2ecd529b7cd50e54e3
SHA512 ac124c6e59696caa9b3e79aaeb1ad69b9f9141a75a773e93f1b8c08393b1243ee9d32414fcc9559e5ba33d185a8d6d3ea6c18588112eb7c5a04f066ec7aeb11f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61e6a23335dab1ce3d45b6bd4ffc0637
SHA1 2b54a63ae148138ce962b0606346953ac7eb5076
SHA256 cbc91fe47f2358306b5081aeb056bd0d6613b8e188ba401ba31c22c092d56c59
SHA512 de0c5a0a5dc73e1ef5598809e56463e05c0a67552625ae408298049199c5a4e6bca8a297d63d90f65c2c30745e49a238f2fdafe826ff78db36da11931a6b5a4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 590a7c38a4ad98b2dde8a86018fcc62f
SHA1 925b95e8bcce595a1c55ad532747fe1b80cc2d01
SHA256 741599c4c938c831e8d0b78d5e907b2d5e24c07670549202314725c1595ff37b
SHA512 34d5d13ac19f05cbeea6b500f76dc85ea58decca3b2f876152ad392a2afc51fec07af50d32fde0f2935ba185d4c6f88907d4197fb505d57abca4c039b9d13051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 404e3d8f9cc2497406c0ae441420c643
SHA1 a80dc4aeb22206a0272ada4e81383ee0ce67ad1c
SHA256 41388b54613653b5e0a562f3c976cad97f2acd3038a717291bf398a1e8dba65d
SHA512 1c5b9e3c9bc61d609fa5be2e9552832ee479f0276d91cf144995c1329528c52a235133ec2e9f054a9c005bdf929f2f3d40079fb56d9cce35458de0f8e5443f1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4

MD5 354ae2901663e6b22f90d6df247b75ac
SHA1 8734ccfb197823cdab53bd62031866a304ef6606
SHA256 ca77e651cf482dcebc73999c56012516dac2bac382bccdd2255782a7d30598d6
SHA512 2d37133d2f8b5dfae18144257e0dcb565169a2f6a697c6eea9f864902e3fe0e9ce8183c71863e22bcb284046e60fb57decc3102c125896d4e181f1c395b35a3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 902c8e09881a0fe315f78dc2d07354a2
SHA1 67eecab44fe41464f7573f1ef0bcdae53b92155b
SHA256 d1816aceabdda230e1b6b07d3731e695ba40a67074e383de0cf8d50edbc92a75
SHA512 5e36b3c53f2e841dd306186d0997195c24026f118c0db9f0a85ee67fe6eb86a2ca3bd3c6d6e5a988c4bd54acb46cd81495d838827b1b5c0fc6b92368a0978552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 47d5a69f68a7fd6c7ae78f4ba2a3adc3
SHA1 6a989669d74d000221e37fe62237e27b3ffc8be7
SHA256 a2b64fbcaf59c86a93d4108d4a5fee5ad630861522d1ddb22cfa46b6d8cdac60
SHA512 03c16aef03655ac635831bc1a8740cae51b758576383146ad90930b742a8cca02ff4eb5aa14a1af7faad2fb3eae9a5014475a68d8b53897c46a7dd082c506f7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b087cb34130d9faf9a97f93117a1121
SHA1 eef7367c67c1d0d432222bf83c2d9b55376fd70b
SHA256 df4f1a8363e081626f443e11ee8125378148a155f033cf43b5403251694987ad
SHA512 c62cae4448b83d3adfbd3f95996c63d2a76832cd3ed62418f04124ce78a7dc9640e87521d26f9c40ea7c829b22e4afc5cf7db50d7ca65ef74685fe9f7b5fef45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3e948f949a5b1099e07dc9ef9ff57d22
SHA1 d4761b00302759da75341c20f7b52ebdf929552b
SHA256 3d412759124c45f3d7e764d71cd683250bc8ceb9bd5b2d13aecccda9cc7c31d5
SHA512 b9ddb4aae1b0670363762987f1c880767cdfed98d05d16cc3b89430420e7672c252ef89edf36637aa3e97dd2812e99875f70f430d251faf3961235e8bb91d5fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 88518fb32599da07f2002481ca650fa7
SHA1 e1d217e4445fdeced49c4cdb06c385b7d417bb75
SHA256 27c594c09df4f0d35e0c465e95bd48fea0298eb6ac3162c869fddc0bcfcdfd32
SHA512 d146a1ede0f3192aa8739b0bc03472a90d27b466b57c867771023208bacb35b1f2763b3f0e52c76d847a04beabe32cd4fc6b0f6bb88576ab7142c36a3cecea9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cfee88afd7c409bddef8cc1d296da69c
SHA1 a9f5ca3fd92ec5af3537921ae034c9ba75f25535
SHA256 46d25d1bfe172386b31b64a00f0d533436d6dd14666789f7bdff8b36186c6210
SHA512 0df86c04eee134568a0775d9a09119d2a662b122eea465e675346855e6fb58fa6d0cbe75d544dcf98483a9c5d75752b1140381aae5a2b1e48798b9b5dfabf50b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 9aa6fd9a006ace60421aa28daab440b5
SHA1 5717f169d31852d2b81f21b5ab9adc80e13ce726
SHA256 757566312f7926b35f7cb749a86c55476b394bd3b08e3ef1ee06aebf3930fc6b
SHA512 8cef5c8f6d325e22ced194141fc312335f1fdd51cdfcfa4562aa6129372ddf66e6da66eba1cd11d1bb6cc2f49510532cd45568112f11faa178a22330a3d118d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4ca2c1137dd20d941db79e66deabc522
SHA1 8f2f4bb369265adeaf43ae6733bc24658f4fcd62
SHA256 96b5f367dad38495ec688cb2db88da97306c4e64c157e103ef9ce61372fd0dc7
SHA512 04b5236cce98551e9fad336429cad26bc19c47d9a826d677356647f5566bac496a54d2d4c38c2b45e1778a9680525ac8a407da1542e9cef744dbc5bfa1687df8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 86eac13ae042c5838d20274274d5d82d
SHA1 a1edc2336435162d57edd8e9a4a2b7ce2d693fdf
SHA256 2c700f68f9355697fcfb8a1be428158cc2937d2e0d01c0afbaed92cb2cb0c125
SHA512 313452f845e01faa3b45d9b37dd7db8bd1f2596684762d9affd50c1479c73592f06160f459c1fb11e4f7f38d185208b9c86c373f1abf34349daa3314382e337f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 4c44a4c4705e1e7ff214516345726b38
SHA1 c50da19ec6fbd99ee4c4f305e9ece188e0d19233
SHA256 7202e097880e3d2f06bd216cc9277332b95ff8b7d3a676d3ce89b869eebed990
SHA512 58c1de9c2d940b1d6195d96320c3b15030439ab71b1bf6a0d9e67c88213a3d1d29602a3079fbe4ce9cde6e6879020c05c237e1a7517c942b6c26f9da681da979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 055a0006c7f4563bcb41ed73e2fe1535
SHA1 edf08067ad6496a299ae482f642552804be3f44a
SHA256 c8513713b5620e5326bc827b959172a422c232b674d24d554357e8f108f91a91
SHA512 d10294e230cdb70c775185c2c651041545aedcfc0c798eceeb293ba1c5006ece1a197385dbddd3b2bbb7f3b800dc4054cb17c67d8da10d938087764dfe740af4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 e8a8e45c892e39227ababd09ae2cb0f0
SHA1 bec17a9f2224acbb034a267c976f5c69495ec925
SHA256 594361355e4b29ec76f9338558ae4179029b25a27cf88a1cc0f90f867e9d3894
SHA512 d0c0c12820f7c30f7c9adc8a051b2f0d9544707b268bf44a8e9ff195dd7fdb4a157f7139429d12a2d30d2792baf7bdefdf7791700a90c11e0b3811e1f09f3907

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 1cfd5a70c204ba28a577ce57b36b50a4
SHA1 e59c394ef28b54ebe303c39a2a42c3eac1420311
SHA256 7994e1b0fc8ea741bfeb9d017cc9b11ea35be1f11b99f306511628ce05a679ca
SHA512 549bc4b334dc5e326f1bee39af83d6ac97a583af44a251620f6be8908ce06a34ab07405503dbc9f0ce6c9561f8dd4ac8444206e6e0b13c661fc076f8c6f1b477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 649469fb57d3a2bd4c5b07a445cf7346
SHA1 f0bdd6db4fdbaf850fa2014cc804c031640d6e3f
SHA256 553ebd7aac6371637ebe709d6ed9247e9d65fb06a79dd536ae093123a331f3fc
SHA512 c35482180788985217b6e356e5d6cc6cd0cc62fc106cd515766959ed929295d464b24bfc085b0692ac4760b4fe8f8982ca1664107a58d5665d5a09e8cc36f223

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 193d0ed0545716b8ad0859c9a2bf94ea
SHA1 391cb0b9dc1f28cc9de776dfdb2369184e22a35f
SHA256 714c46d83c7abdc0cd6078c63f389854373f7e9511e67032d5071674787154f6
SHA512 ab2ca04be8fa04b3b276ddb3cad07bd0aa5dc8e9a5c89455bee3b9d405013cd1d0bc1cfd9a1cb847c5b62f4e8dc12368aa6212f14f7cb8188e7e5ba49210f691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 28cd4dda24b468da73bb256fda7caa6d
SHA1 8693164905bc8d677c02f7d7b153ff293d8b00b2
SHA256 f8795996abec1215cce64bd2bf12df3876ccb62df949bdce1a3dbd7955e309a7
SHA512 9029c598eb7f3e3b6b4faf77424d3fd1c9058c2c7c3efeb4234bc9655819415f02306e5f6a0748452cc74c25ae3f3de4d50d5bba1310662933355275e0b1b060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1dfed3379289a0b2c238127c9c418085
SHA1 869043389c70d0dfe211306c5544c6470c6390b5
SHA256 c9806a99682ad37f353e6e6011ea2cabceef3eb72c4745fac90e53353e44c260
SHA512 252175fa04ff1dd7f3e227d01e68638533a2f334a7fde55830a83bc6456446760ef41eaeb04c21e8a0570b216593792d85665b23bb0dab98cb8d3f6824560e34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e79054c4913cf0a9e85395528f15c859
SHA1 630128f8ad67e34fa1eccd869718fa5b2a0f58d6
SHA256 9f18b9bab2f0c5c10d25f0df77086a7d7f5418daeabac2b09d25ba10352a72b8
SHA512 f0ca3c5f8f231d8abeca275ac070f89c98d7e589c3738576cd8ed33c0bae1cf874927101f733231fb0844560bad6a631df5da2c24b93fafa795a8a03d334394c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 4f72e56e843fb2cd29f50b98c541498a
SHA1 9c7f598eb31aa18e6c0a8f66d4c4aa9b204be8eb
SHA256 07d54bec12896cb6cf75e7d4008dcfb28b5b504e54be8220100410be54d8e2cf
SHA512 e69b21e3194f76a0c522b3627d9b576c9702c2cb9a31760a6c784fc5bcc1f3a7530604ff4960d0b53171a9e0a10d5b0d2d265943fad8e1c300417cefb67e7d72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 f45e608a2462b6f5821c9348d5f4edc5
SHA1 4856c38855c286dcb5ec727935f665f6bb5a4222
SHA256 dde7c35615b8ac554a0094b1464ddf25cf652427bd87fe7601557eced4efdda6
SHA512 cc37dc4a4d7dd66c3225f975185673446720cd501787fe74a2c226f08c35819dfeaaeff758eb074f70eae46e31957a26aebe7be80a321b0657956fed9b941aa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08ed75c70ac6870d96b0e928d282ad1d
SHA1 2046e1e23acb13f066e1e41cf00df00c3a91eef1
SHA256 fbb4e1314c7ad20c6590e733380f04a267bb81c1a66535129f9dedb259754316
SHA512 edf4c49318612283053b134d9e7093579b55ca446b68982315cc10efab244752c5998d66426357612e2399e6970391d76ac2ee663aed96e9796f68f5322a73c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 4c7ffdfc48e1f5e4f1bd117cd4bf37fb
SHA1 18f83152e3776a869a6ee458650ad6c24a7bfb22
SHA256 1270ea74de9ed0fa35a06331876221aa6571107f08ce1c907c25f36bcfdd5c12
SHA512 15087cdda308c5d9fb29d43ab90bfdfede6e7fa7290856364edf3b4d02f4bb1687e0823bd206f7dbe009789c909dfef25e2b46e01c238fefaf6b25e021768eda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 a40bcd706249ee6681a30ac8a9ab9969
SHA1 f3c7064ff909d7dc0a8cde653e4bbbc728597221
SHA256 5abbaff634d15f806b2e4d07c06c56d1ec4fa46c9af59d93e906f5bb86833c04
SHA512 66809f2b96a77b8503c62888b9dc8a15d8a554e0de46975b46abd56a6df160e49ba86b9d53d5fab101f0960d47ad3e92154556ca6a8133912facb78b3d16f193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 fd31222edbe14ca08bec042b6ec92c92
SHA1 1fcec8fc126f44d800052831b84766e9d6308a89
SHA256 14a3948213566f4e482a79fd937f0230edb41ed6704e5b8ebc4a8e3c6ff35353
SHA512 f93c5f88353af789d7c49984b08134323b9a185b9c3167776e98efb1e7a6a44f88546ebeb893bfeb216962eba09f2bcf02d8b6e53c473314d2c44916649b8e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f6b257f318b488a071aad30670d9dea5
SHA1 d05760cb6d29210483caa679e836018311c9a665
SHA256 c8a271dbf9eb185067403e85034cfad098689bd74006294e5db51d6203006693
SHA512 8fde9915797c06a9c983de2f754476e3ac17d3730bbac9a4284c3b628f0647262e49319e4e14240c5eb7827e0a1d848c586a759782f6709fc1b797e7e2f89ba4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d0215eaded881181933ddeef35d07f2
SHA1 36195bb594683b4c3d8ff72f21ee95aab98f12e4
SHA256 5e90438aaf6533f6e74113b0039968fcd4da62fe2cde2fbf7e6e2ecffd02c3f7
SHA512 5313fc279906e364145d46d11a1cf15cab30c01c0c9d179c7639c2b84dfd0b43e26ca1f3ecb7f42786030f5ec6ad5ecda7dc14578e560ca51e84c5bd1ffaa004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 7cfbf5506963c26c2a88150e048ac5dd
SHA1 81fd48cf0dba4639ada816806ee40f93c49387f1
SHA256 fc41361bcf82ccc3191e0edf445895621e664b955976b52003c8d5fca435a2b0
SHA512 4d800ab1e5502dd2450997d2d088497d574533207f7c8ff88e49f0f358517e2890324cd12d6c8285ab6eea92321e9ec7f7bb044a675e03952fca5170cb0aee59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e6832d03ed30938e18bd5a94c53e7caa
SHA1 4753a554abe018972caf7f1da5f4690252a8a0f8
SHA256 fce7924682745215ff22f1a31be3832e5b51ff33aaa913bfdca1df8709f7bd14
SHA512 b729559bd7dfa4100cbc0a3e2acf5fc5fc2b1c4cc050f3d13420332ada87344b27a129039ce81528a5fc7cf66695e5b7f2bf095781cc87960c1ca2d24def0790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 0021737ba1cf2871b95609557a796c7b
SHA1 faf21d1d1a47ccb145de5876db59c4db3fa274f0
SHA256 576d4689fee556609327bb0f111cac176c4f2363bb4a5e1742e94c645a43e97d
SHA512 a51dc882edda0ce6a6143c31db3d35c0616a4b8cfdcfcab8e6af98e44cc8bfc5a51a6c4beab490219afe74bf14fba2367fe08a6c4e1cae5df820984d1a144633

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b76f29731a25e1ad24c9dc8639ae5562
SHA1 488c77dd8ed30f4e3ff357f7d5f80c51af6c9d0c
SHA256 b16916aa99667b87e88fd5ad3b7c109e427fabf0330bb60f0aa7eedb3b5e3568
SHA512 7636d16f50d6e1224513005004a74f2bc128c6a458ef070cbb1ffc0dac5146df77cd8ac465e89adf5300b9b86ece91d3605f114daf88a559c6d11276cddf0323

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 456f958e96ec7f46b358eedd9f30863d
SHA1 065716250ae0a2978bb221bd2399d1d41e9304b4
SHA256 d4a065c89597fee885585565e06c7dac06256dbddeeb9003960e634356a491e3
SHA512 a7cf2a7196b65e37f2c77e38d354ce8b100099af014743063304edb213411d87b85c607c8e1f7157f777472ed96c34e98514769a64cb5e299a92503cf1de669b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 dfda144ef92377cdedc73c37e53776c8
SHA1 73a32a3b1a340bacd32aefccb5eae4604331a78d
SHA256 670bd90cd72ee7ab25f49220a3c1606ef6fb3cd991849ed72d113d98163a6d04
SHA512 7305e90f6c0af08e486f9a8c929e44b42da4a464b2bfc396b564de978029549be6be7a77b3b4d35921a9873cdbb3d5eb5beb8b004e90d7f69632e11d471f0d96