Malware Analysis Report

2025-03-14 21:57

Sample ID 250109-xg91tazlej
Target rY8DrQ2BP8CR.exe
SHA256 23a3687c84a6d57b998f87264f8ee1d604b18f4234ea55cc77bff974cf2a4158
Tags google discovery evasion phishing trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

23a3687c84a6d57b998f87264f8ee1d604b18f4234ea55cc77bff974cf2a4158

Threat Level: Known bad

The file rY8DrQ2BP8CR.exe was found to be: Known bad.

Malicious Activity Summary

google discovery evasion phishing trojan

Detected google phishing page

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

A potential corporate email address has been identified in the URL: [email protected]

Checks installed software on the system

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-09 18:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-09 18:50

Reported

2025-01-09 19:05

Platform

win7-20240903-en

Max time kernel

890s

Max time network

841s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe"

Signatures

Detected google phishing page

phishing google

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66DC0BA3-69B6-11EF-A0FF-7ED3796B1EC0}.dat = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442610628" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6CEACF1-CEBA-11EF-A0FF-7ED3796B1EC0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2808 wrote to memory of 2900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2808 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2808 wrote to memory of 2964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2808 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe

"C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6519758,0x7fef6519768,0x7fef6519778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1196 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3412 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3416 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3212 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1592 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1800 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1196 --field-trial-handle=1452,i,5208905265668382655,14199137394569984656,131072 /prefetch:1

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275470 /prefetch:2

Network


Files

SHA1 7a03f68fb7d3c4af0bc4db470b6b0cf4bd1098ed
SHA256 f3a4b452a52c5a602a0b6b5befb45d05349d3258c0801f340080a026ea99e1ee
SHA512 ee35b068229f5d127d68fa81dabc68299f7360ba3a6c7569f0483de91ca07bc8716db1777474e7436c3fdb613d3412b5e1c49051bab004d937ec959b3d7c9e83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faadbcb6faef23149571b187c38fba46
SHA1 dd1b469e7efdb13dd775e2e3fd3cc745dc04306f
SHA256 ebb5d03cf3a235abc6bcf1147522abf260de50418f8edbbd482a1050a579e862
SHA512 d55ff1a7ec3076599aafeb736317a81b633376186bea8e9f7ee90764569885055835acb55a1c5d121f558162d082f24b531ac89c48187bcb5aa0fbf10477b77d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd7d7a753a4c41bfb2ba12ce167aad93
SHA1 d8f112a76593df72482f7931213bfe906850cac8
SHA256 9b9af1d26b6988ac252a3bc18474d4c5d826949891d5d4820b4da863863272bc
SHA512 c912777596149c4e4e5ecb5b3bceb36e3339286a5ab8b8407f760583c3ddbe8250f8cd99d7ef54d96537b8da35e2791ba2e512751613ab6abc8549e1ce8c8377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 197b20b3a16e3208e5c82d1417c2bf1b
SHA1 bfdc5faa43ceb6365284aaef799ca1a31dbd3db8
SHA256 522f5eb0ad945f3461fee630d60d43bcb8a6f3b3e308a41dee3fd146d6ca455c
SHA512 adf0bb6b07cf8af1c67eb03e26e9ca6a2c50f675d0497c597446fc1e9412ce52f5377fd62c4a7c80b4b205a2fd584916bde386d057eb85c02fba6cdf3cfb9884

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c1c9762e72e4e815f41e1d6b116684d
SHA1 32fb147539d7e820914be754a9bdf9ad58f5a51f
SHA256 a69d713ecee6f4278d0f584cc1624c1985e4d6849196cb661d9097cd458fa336
SHA512 f90870c87435c2d000c2327b84fba4af0ec50814ab6149010c77ee43e2d624fe12211cd1873fa07f3fcacadaa0dadbfa4a2475fcd96d798683473dd32a326f4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e48ec132bbf22aa8872e1adaa101d852
SHA1 32553387ff5667e443da1a2b0c4ba61fa910986f
SHA256 27679c68a8b6650763fa13b669080116d48fd9c6c3a34b35e400cfc131adb2a1
SHA512 5e7e4cd8e21bd248164edcc8c78d4f0fc945edecb4fc83e2bcfc61eb39bab6ea75fcdc91523ed4e8c75ea671d7087a9a0b6850e899197a2d38c053eb6f969d14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 274cc1e24feb1aee4b2706dff2670918
SHA1 b34ae3813ac5c62cd009fe6a4605fc9521e38d6e
SHA256 dae8f91944aff0c8890fbf81fcc2c1107d3ff1a1c415bd0e9fcd45918722b821
SHA512 5c916739104a07a2e5df114dd00796b99721bb4f78b961cdc5adde4c9909e476f0bffb55a652eedacecf0647f74f681805fddf8a56b8c41b0537543866a43c7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a21f0afc88b58d6f73aa815701a066d2
SHA1 c14b015d29f8946ef3d38c7bd797e76767e250e7
SHA256 0238e090dbd8e4d79a9ab92294b0417a432adda3afce4cfd7981d1a5c39b0fa1
SHA512 1ba958ada1a8157baa3f7dc38ffdc5bc626e6935cd319f22ca5f20aa8380a16c8fef4084c258c39fc9d3efe4b75782ad3da77d3a59b47a235ff79860a88567c4

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-09 18:50

Reported

2025-01-09 18:58

Platform

win11-20241007-en

Max time kernel

466s

Max time network

460s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe"

Signatures

Detected google phishing page

phishing google

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 6000 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe C:\Windows\SysWOW64\cmd.exe
PID 6000 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe C:\Windows\SysWOW64\cmd.exe
PID 1956 wrote to memory of 2268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 4432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 1520 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe

"C:\Users\Admin\AppData\Local\Temp\rY8DrQ2BP8CR.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f276958b-f792-49d7-a8f3-a12c933f5e04} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9ddef1-0ccb-4c88-ad8e-d36587a24862} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5f7f836-0d99-4b8f-876b-d9cefadc172c} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3452 -childID 2 -isForBrowser -prefsHandle 3260 -prefMapHandle 3456 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d695192-2fff-416a-a117-4df85beb46ec} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4416 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3512 -prefMapHandle 4412 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {578cba68-78a9-496d-9fed-6f862255731f} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5412 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1d5d9d-4e6d-4b5e-808c-24e7a39b6f56} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5556 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70aed3f0-37c7-4357-8049-4e3a1b4bbc44} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5760 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a9539b0-7048-47cb-8f7d-ea088272650b} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6220 -prefMapHandle 6228 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23837eb1-6ba1-4232-bd40-1bf9f886c74e} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" tab

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ffaefa03cb8,0x7ffaefa03cc8,0x7ffaefa03cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8976572160663351219,15201498004185757271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\bc7a4189-eeb1-48ef-9ac3-04b62911e158

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\5604bdcc-6286-4bde-901c-a65f9cfb34a5

MD5 360fa28d21f55eb7d65c458c0f7439e4
SHA1 ba234e8c75deae17c37705c85c6f62113467242f
SHA256 0553eb13dacae529e86681dc9f16f5e414880b70b44424feab75ae4cc9f7139b
SHA512 554ca393b7c066139b9c2113639bf351b818e80ec9e16a3f77be9a5796847496aa17f1860e30562c64893b3fe1fd1d30c51b409c05604f330b03280b62531090

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

MD5 9f51d9fa1fbba2b9bb912bbcc3eeda25
SHA1 3dabbb72126bdf3cfc56dd389ae9e30818a5d0a6
SHA256 1ebef0f08e65f0c49b31709013a86be26751794e434b7812a8d6d77ace1cd0f2
SHA512 a7a643ecef2001ea5e2b7466bc4f3012777ff2f289edc46d174cb5affe05055d130fd853cc80d69fd52c219a21a0797339945d051e8a8aba16a941ec41b9e65c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 96c542dec016d9ec1ecc4dddfcbaac66
SHA1 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512 cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

MD5 bb68899bf295f6c506ab39d9e238ac4f
SHA1 3d1b9186a628e0b5c588425d5d58375aacddc0d5
SHA256 9a073638ed05110a89c7b3e653dc8b2974c977416ce97dfe0d7e70ce7978135f
SHA512 111afa7980f66a351d50a83a6b732b21f2f32a30c5c81487369ecc9894385a0031840034128bef1bd16b67e8043d18f18375400b9dc4722993e77e455bdcdf0e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\59962467-f958-4c4b-8388-cf5b1cb051be

MD5 63ff8fe07aa9e88403c805d04424da82
SHA1 cfd852354d526be53605c29f8ca7289c2343a968
SHA256 8bf942d0e79aa71f7f4460965bde392bf81c87f70a859cf87f70a537d0f0d7b9
SHA512 12c16fb663ede927de8f02ce445eec34ec4c386100c3793f162c1b91566249fd4e68aa4b2c2ad26ac67e59010eb7c4eeb1921df4f569b9643e052dfb69be9694

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 43d8b5e920dfc7a58a8b27df40240514
SHA1 be2447441d74a1942866558fe4293c7aa86b9b04
SHA256 e63c0c180ca3d780ddc90291529ca3595e3027b85379999cdc88aa86b130ecf1
SHA512 d60d5451178387830635994f31e7b14a427ed97e1eda47a06218537e185748310fc075be3dd26b83bf8c56a51ed392ada45f1eceb45bffc8dd3b21b4456160d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionCheckpoints.json

MD5 a0821bc1a142e3b5bca852e1090c9f2c
SHA1 e51beb8731e990129d965ddb60530d198c73825f
SHA256 db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2
SHA512 997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

MD5 e0b2484ecdfe3676115d47479ff70950
SHA1 76a5e6a3680813428614ddd779a087b25fa27ebe
SHA256 37d37a17c94f120bf990e6408ffde2e4330711ed2fd20b508913b4032db498d4
SHA512 4e45562a17bbeeb2d53edb23d965d3273880756300a95657f3576afdca852421b3653d33c095f110742f49e41758cec45a33cd35c6b11ce5e13867487dc3a2e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

MD5 24d9ccd0454a528719c74b85b0df007a
SHA1 4d0c17bad0897d45863c83f2aac3f6d43239bc8e
SHA256 c1e414f65c11c2f733512a173b7df61a5380bf186ff44f0b5fba0e75b6fe10e5
SHA512 6da1253aabc3685bc634a81e734f5885e0698ca46ed09e0e7abe3f8acd9ad1c8f517361d9d498c27f126b19d6111d332f0d0915cd6e7850e3aee2a00f1f1de47

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 76fbe77cbc68f3bd5f0decad25775716
SHA1 2ebc2dea0b2224ea73fb5413d94ad38218122bf3
SHA256 8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6
SHA512 1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\698f737e-b99f-41c6-a8e6-50ca059b8592.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e11c77d0fa99af6b1b282a22dcb1cf4a
SHA1 2593a41a6a63143d837700d01aa27b1817d17a4d
SHA256 d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0
SHA512 c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

\??\pipe\LOCAL\crashpad_560_DLPRMPICXCJNYMRN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c0a1774f8079fe496e694f35dfdcf8bc
SHA1 da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3
SHA256 c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb
SHA512 60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 684d6c1a562e7e13d9b5076b68f6dff1
SHA1 39863ebedde54fc3354f3e6cdf0e186f322156e0
SHA256 9df882fd397fd254d8160a8748b8c17a87639f79769dab907d8e8c8e763ee242
SHA512 02481c05b3f7b8ee663fd3e4e368ba2a0a8a64e82f87ab9dc1d4788b954c9eff8a98a7e7fa1e250f8931e0f5d691c33a1a87710ea1e8317a393b5690c7aa068a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14112b93e64675c746857ed40cf0683b
SHA1 b4e30d699453de77ade13e3feeaf985978d3b010
SHA256 03aa84fe506aed75ac3cf5b57226d24178ec0f59d3ef848d966198f85808fcb3
SHA512 6c37520977903cc0c17f279e95ca7b5fd17878527fa2d05ae669ceddbc9c933cf3922581cba30a508ea271a5df1405aa132ffef187986aeda1e70a03471a38ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e82358ae6a98b92f9680024da62ba03
SHA1 94afeb4b30c16cdd95d70d6dfb31cc67dce43865
SHA256 d1a0e0de7d697b8defdb59cb3d878f3ee9c242924950aa9fc1f6304eec14f0a0
SHA512 172bbcecbdd212b30d6413d5e35cb305975353ccdaa412cec92b9f27fd16dda9d7b1277c950863b9b404ceb3ffc7f4ac5733d2c2221530aebcbb86cf4a20e1ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d6ecc9c028e0f2e34a5cf5e05fcd66d7
SHA1 0ed530165edd53741609ba6d2b5a2fda78567ac6
SHA256 1d915e22e1c77d959a1fa62080c8dfd9b9ff6d62aaab9246cbb96afe145e2d3c
SHA512 b2328212f6aee2bef6bea0a1fbbe047636ca2799925ef50211bb5af9de6438c3846b39515780e5dfeb62f7c11e891f6ae2bd40b541a30651baf005820535388f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a708e.TMP

MD5 03025d06710c6875a5516f47cc6cfe24
SHA1 feddff3de284766db62f879f95f635d6fbdce629
SHA256 2dd6e2a36ab7845de2038c146ebdc5fd8bf3e20e5d249d7116e46e7f415c47d7
SHA512 59c2b400a37068fcceba1da3a2c03eef256b03000aca5a51c9b636ee518e7e5b31c086b3c50dbc9397aa0e95bcbbbffef99eabe163427593b2fe0a851fef6ede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a2ffcafd4fd55dbef41703a055933e5
SHA1 098ac8078d8df1154d45006b15fd4fad7a2363a6
SHA256 a1e24bedb00a4df4abbfc149c313345166cd4406a2eaffd48a3b3f470821f8c8
SHA512 cd580cb3f04733534409fea1b28036d4ae0f5e8c97725bf4d67b149dc773ad5e9d6236964375fb2d79cec47780ea518f59cc3ee1d5d6dca6fb023462601e7259

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0a7a804b2f4e707b4bb488fe0280ea5
SHA1 22feace947d3ed1d20972ca63b8601c767d87bc6
SHA256 948076d6c32ee4c52ca8eeb9cf6fa39c852ce4439e03cab8d542e71eeceda8cc
SHA512 8607cd8483f7bac243d6827df6f131f8affbd29f6e026a83b488d7cc280703f9e1cead8c54fde01fcc0348cd6cc1af0a1aabc7c98ea70740388157c92925d804

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 325045fbc07c0b539b7b4b125f6f8538
SHA1 6fafad448aec9e78055ab243dbaf55cc477bb3b9
SHA256 96916e2061599c208172bc152ce6245b05a7a136c99b62a8d5f93aa0104e9524
SHA512 95fca7075c969f5f3fc3263cb1da67f2e0c19ece9ee194814ea91157b05ba379d569a79d9612f7496b2bcbc8eead0f277212c0c803cb718ae9f333d363d965cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 119eb8250fce7fcbfd43551a5f0844e6
SHA1 06ec5b5cbd2830413b61c340050370be6b1dc314
SHA256 851ffe01834d28f2b5065fcc0e07dae47dd54dc23a668f578799c7f166d91b56
SHA512 3ea5c8ced1910909705d520f199dce3f3732cf84104867a18400f4f9878117462dc89912c4edffc6ac2c557d0575b6a9afc0f3f6fdce5b9aa654f9afa5195668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 958ed6f8617e0bb288283fc82a0d0539
SHA1 9565bd160883a84b810b3d404f0daddf8348caf5
SHA256 75f90966fde3534d8550523468f610b74890661ff34141686a7b4a4e9fde1d0a
SHA512 8ac640db39f69dbf1d590a49f1cf93fc5337abf90c9a8edec2756c3a4a0094da445a0d61ed118989e8a97ecd52bf910fa1f42bf9a2bcf119e6b1490f92c5e411

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fbe3839600733cc3ee2075532d9ac299
SHA1 a4667b861d1dd60645a7d97496bc4c351b4e364f
SHA256 bd9903f15c2ab29c5d33be74937ccd50bacb584dd5603f13126d488d9bae5997
SHA512 2c05ccbcefe67c9a0cae0a49ada1f614a37bcb0913e2d86541d396292f007df7e3b1ed8a452780d22cb82e41db2ffbc34c38e66a2bc8387e9789f7af7752e0fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0a260afc542b52a0b00638e106aa7108
SHA1 ff8d9dfc89909fb9e8c2a61c2f534c19b60fe1aa
SHA256 d9db0658788a286890194a493e8ebba27781f4be700cd7be701d5f150a9500f7
SHA512 e20a6b355191925dd460697e862e4d49f5e2c4611c0cfdba12acb909ca9fb84a3c1a9a954232e658e3b6c0a59bd2498d26ce988463959138d08f37dcb4418e17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a227bdf6efd636a3df9ed565e2c8b4fe
SHA1 82b25aea097957560db9cc5bc4474aca2df5f54f
SHA256 4f7c9d74d51d6cd2073de8f44f4c2028ed9c172e1faa0c14e75adb289afa3883
SHA512 6db0599b9575e72d479ec5c7c9c22426f1f480f34e2a16c62dc667e7c74d51fb42c75b2b218a5f5be5a9aa12f5e16f58260bf384110ff3f531a3a2a36ccb42fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12087fe7574afe7f3a804ec841ff7960
SHA1 7d38233ce2290e9f1e8ea12947fcfc429d7882e3
SHA256 2041573270035f62d6e1cf37f6724c6237d97ac8d5ca992fc56c75398b671943
SHA512 41665df5be73af2e3562b401f35049ad3e74bf7a37e09580b83483bdbe159c9041152d809ff0ede91c6bd906eb671402a6a838ebc43d5767f6bfc7c534c5a356

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 a902538f505b7d42ecf822b2c039ad98
SHA1 4281daf9613f6bc27ff26610380d91b32abfb94b
SHA256 52ec78b6f283c539aa66fb9ee8b6a1ff6d82bb6c6bf57c83c4735d00a567f1a7
SHA512 43f9be2a863949460dacb0b154fd6fbf0cb12ba38284e53422bfdb4c523adcd2fc994a64465c7d2e43a5ea637c6a7ccaafa9bbf27bcd92232f59988023c16e13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b4fcf1b83992a695fe035e8821e4f92
SHA1 4b9aa7a106ed68059001ea757e1f3a228efd7ac9
SHA256 cb0d4951a195444f2ae2d76dfb79950de9afa11c769df2f18cbf886aaf3c9f61
SHA512 f0b7f09239de664d56e1675e54f9e40a860c0734a54d398179f6a9026345f069348ef8b386aea993b8836ee88b9809794b438ffc07519a62593f670b9773fc65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4cd537b21bf61d0bb9bba7c2234eeedb
SHA1 26272919a7a34276cc5e90e915ac575afc4b070e
SHA256 5aabfad14125698d800ea4964c1e9a24da3cd7a87bc351257728e3300e2f29bb
SHA512 a3328c23d70a9d5f4b4c9f845678bb52bdfa46d698f7ec806a16291779c97f8c0ca8de223f807bf5ba86a5d33395ef7a4f68abc13c8efd65e18ed8f385db6ed0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mail.google.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 d85c10c6f07a0a6d5b5b0769cdc4d68c
SHA1 3506a10a91cc2c8c21205271c63ca4d47a547f89
SHA256 5ab41dd0f7f115c2b964f96fc629a7125514c7aa9ce906e8da71417918e4888c
SHA512 7d60e87f355fb8ff01e54403eeec6e0ff93dbf7f8903723a9770a6e4b8193369555b8293a62ff13868b3dea1c03c7b864de06663f9b13ae51bad1e3e423dfcdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt.tmp

MD5 970b923fa914cb0dad3bdfa19a4844ad
SHA1 4aecb0847047c3b8184de1c918a52992e5334e5a
SHA256 8e4949ecd7a8bef08e396b6f29237c091135de3a9e55959701f17056e73d10a4
SHA512 099548c7080f1d6b859212e23ceff08aa59fc67d44efc832a491be48b8303d13f646c2594f4991dbf65f0daf758a852185813a3a4e0476c1ae9ee5984d0960f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 bb0883f42bdd16c0e4226bb6a84aa04e
SHA1 c6cd66637ae15866f717c681f44a3822b5498a03
SHA256 474c57e8b92faece6d2ea3e9838fa7630ba990ba3043bd1232a77f7ed1c702b1
SHA512 7bc7f27e48dec5bbca939b30305f2563d68a8b096dbccf4abada3d79736a2ee9cc86f9e945ae12d38ea8bbc5e5b1c4d9c6a931b57c5592120e19974761d3475e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 7d1bc1af07ad906a0e7735838d3b2b21
SHA1 2b38a7a00e46f2fbf2875cc606a8c1c362192454
SHA256 73de3551d63730e6b8584f6edc355bf57e0dc22545b6843e00b78a61d6122a12
SHA512 ca19244eae5316bf7ef74eee70a6007dabb86787519cb062968d10222e792ec9c8a6f94415e0b6b30201225b65f939c521f9019d2b4f6f23170f91b820600a97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 194cdec5bd87e44da0c3ae3bb57896fb
SHA1 87a5fdb39e87700b149b62f3a826f8b9074a9303
SHA256 64d6e9a4fc854dd248f1cdf8d25cb89a0752b47761427395da7e9d0711e30c22
SHA512 67866bf6ab16b24bdbf5fe2c3ad84b5e4a390222e1653b0256db30470cf0733e7e03dfb6a99354569904f01be2cb281ad7f732298ab0ee867c073efe7557e473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\e8b2a0f4-5bb0-49d0-9258-98d5908c625f\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 69df804d05f8b29a88278b7d582dd279
SHA1 d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256 b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA512 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb8e380eafad5eb629610dbc123e6443
SHA1 b30c3be9bc31abe8ea31af821aa7fd36b4d03294
SHA256 52196942c3fd3060dcb1f676fa25d2c580eb48658750b37b95f1c7b0599c48b7
SHA512 5e6926228b923c7a7a6677f0a2a31931ef658e48338faeeeaddf35652bea72f8f9e3d98aafb0716d9f206508912221a1f1d0e4fb37d90d911f44a7ad0ab6737b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b9d656bf3afb11362f4f740c193be1f
SHA1 bfa9f3ea408ff46e80a0f39ae7b5055eca7bcabe
SHA256 fc050b57af1dc9078a4da8a8fff33356ff8f99f202cbb13dca7d38766765e9dc
SHA512 ed290d88b878e426a13592cd0d763adbc7483974ef4333b65195f02493db8f19d59edac2c1b7ff6456239ed94a7e3a29d11a61369f9a76d59a2e1db335cf0f5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf2ff832760526456ee1604614316ad9
SHA1 f0a3ed36dc630225894a28a2f9b6536658e03247
SHA256 c2ad2450cb3a21c98e9fd672e67632f05690742b638f152d4e4650dee5841a2b
SHA512 520f8d006914a886a5e88743d2d767b1ad8158102c8f1e7b4a186d7121bafed69f757b1f06f1e1aeef589d533e764a7bc5f3092abb7459635d9b877dcd20677e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bd500.TMP

MD5 2f446ac095868e1146d32fee3ff173fb
SHA1 0bbd3255b22a067551de3d9dff7f0a6c159b5918
SHA256 af973c9449d2e71d39e0615f518fb4717f376bfd78f7a6c166327812b97df428
SHA512 e064190b86c51d8fcfae860ac8edfa2e4b38d4b3c0b181da862bd124b8fe4f0f56f7f67fe180879af1b4005eefb991c9f4c509524bba2fcd149c50fa8cc52634

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1a57de5aae062827c54b5dbdca51d3da
SHA1 40bfe883f2efda5dca0e19fd1c8280b590611175
SHA256 e07bdb9a3ec746d233ca4fb558912805c9545e11519afedf0499d50a27393f34
SHA512 893e77054ff37f8490cb2bdf60b896525991d917c55fbfc286becfd8776c3e77732ae3bdd330c402c3b76ad4f62c5e294013eaa997d14b7045e3018dead7b75d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\36f584cc-0cfe-40b3-be72-16f6d377d024\index-dir\the-real-index

MD5 a11a4287b5541fbde16598cd447b40bd
SHA1 3093fd87e112b9deee387702a86074559dab48b0
SHA256 db3bc0c5a46e0e7b2647e5204e86db1539228ec04300f37a4fb1fe1ee8e033e1
SHA512 69c43ca4b40b218bbd1e6cf6594352933edbd29084e84565ffc3d7668cc987439d59c8e452dce357b734f0d280d8386c3f949e7b78bd8dfc0a4ebbce53683e3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\36f584cc-0cfe-40b3-be72-16f6d377d024\index-dir\the-real-index~RFe5bd7af.TMP

MD5 8dd497c20aa13a17937119235930d1b4
SHA1 4fc110d07ca5f878fc11199aa4efeefb57d1bde5
SHA256 11616d8e1a78a80a68040f4b9ba4e9383fc575fc6edb645be031816f9c59503c
SHA512 65deef30fc6d9fe8715c7f97902f2318575d0e1cccb48d9640b2d50c71da1fef664afa2407272a46f365fec466e9a6a1a17f2bd4cea1114e2f593c74dfdc74da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\05ddf94a-c96d-4781-91e2-c14f650478cd\index-dir\the-real-index

MD5 79f9639f139c0602e4abe6cc14280bec
SHA1 8e566cff80aaf1e6c94843e5570d0150c13f555e
SHA256 4eb1d867d8c6c357d8763ca5e58c6bf6667cbc0240d8845a9d878d7a20801312
SHA512 ee3dd38f20fa8262cf4079f8992ab1e096b8783bdb521e98eeb493d43774eabbdff0c1628a5c55f0eb900f7dbb208b20f69a288e5a0d571c0ddccfadff21588b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\05ddf94a-c96d-4781-91e2-c14f650478cd\index-dir\the-real-index~RFe5bd9a3.TMP

MD5 0fff6687506ddb2771ed5444657363d5
SHA1 2c1350a6ec4c53d09bed9dac8c9dbf265732a9ee
SHA256 b761cd492584bffd7751fec7e6ec8a7d4969b9a8fcde953ddfaa242fed72a3a2
SHA512 691baefe05761ced70e234f3951a859e68294b166cc3b7806d49d40cdd4e0b998e04e3ba20f46073c74fd2199502ae8bb7b9060ebc9b2eabea14528342655179

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\b254036a-5a9f-463b-b90a-52f03fe5a193\index-dir\the-real-index

MD5 93f71df85adbead1f7194da73a220f8f
SHA1 7d70d604a0af4fa5a88ba7312787269d94a0984a
SHA256 e7a81bcbab14ea74e0920a4403b137bf37a33f2fb08b64987fdf9b44cefc345e
SHA512 8b2af22ba7e4f54fc12d8c54926e78bc941b0fb497cc2d595d96a921bf21aef77b23411b9ce0081052c5c8719d7824033ed6f9c35800fc9584e7cb4be3f7817e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\b254036a-5a9f-463b-b90a-52f03fe5a193\index-dir\the-real-index~RFe5bd994.TMP

MD5 850bb148dc3ba5991fe12bae38b77954
SHA1 ece46f88cf80ea44c3b8984e22cdae5388d02a04
SHA256 817d7cc3dc1e30903b10dc813fa203da835f7646b728fd7ef91c0f5b28349f74
SHA512 f12c1a899b46395892b6966ff4f988bcb73654331256e62bcedb6938d4ba3f7d04d230702dd00db0c940c48265ed728fec2c00fc3adbb378d59c332f13e91512

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea11e1ab6192af58db94092930b2e3e0
SHA1 9d918d37211a772fcf22ef05782c9cea4b1c83c2
SHA256 4abbe49f889a1fbec662974b004dcf6c03d7071ce496a349a289bc17155c0666
SHA512 d2b7932e294c94559fe9597f39a8f4cc702d1d21525406df420914e10b0feaa34d204be02c6977de9e8d773502b44a5feaa8789e3efca8736de8814dca99e2a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 17d00b2d089be5d4c0a346ea1faf1909
SHA1 0f21b517a74cb713bac71bf332c06758fa30ba58
SHA256 a2f60ae3381b96e3b12a7dc6083064e83ad362090979e2bfc194ba8e5d33558f
SHA512 cbdbeb915e53934ec848e958bbdbc5a3f6929ad4e637b395fd7ced29228d74ba454cf5552a29c851b7308e819c895f3159fb20733f01a0dedcdc4700753852da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d6c6c54dd5e5fae2b35da460571555b
SHA1 e3e67ef9764fb95b4e0c97463679a276c6361853
SHA256 1e72dd10d8e07ed945350013986a97e484c08d072129a7b6c356329e322b6c93
SHA512 b6cd9f4bf6b0be99f70d985efb32d43d9f44a5cf6f7f82d72d97d30b9cdfe2e09dd68f3ce94e6324954fdc0d64e03f9f2c91b57a33c9e486bedbe192aad8b8f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 866625b6f04890d0339fc889512339c8
SHA1 28eceacf632e4178596637e3c014e1886b600f2d
SHA256 fc1c2849205244e3b9f746a893ca32d4baf4f303a5e9f8567bee876331adc5bc
SHA512 3a52e4ac7d05b0693d7544b71b5d656514e1687a41dc9097750be554a264cc930011cc29bf879d82d4408db8d5e8188109f6b8bc3c651c0f9ad3ce32a2e164f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 7f38f9e7a43ddf17f6464e6f1122f3b6
SHA1 6802c549d3fbf44240d29a183dbd64f250806f3d
SHA256 803d9d05ebfea1de424356cddcd04ac33fc61ede3fa3136165769cf97b5f7fcd
SHA512 f47881b8bf513635942181862a67175b8104318ff1df5caeec66b62cfff531a94a68203f40d6d3a6b679f10481c696b7e5d46fc04a0042b86b95750625a582a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

MD5 7a02ad085043ee6595f9b9c1fef9cc11
SHA1 3d3c8bac00a82356509826d537ecf36ec8f20ff6
SHA256 60b21de12f160ddaf7dde685af8ef4595a274777f518ecb83190ff5e720a1641
SHA512 cf550a5fecd9139f5f9a1ecce9dea551e5060a090fa4eae32bd23971a4f4217c7f44c4f38498a2e17359b66b811d25ddbd4aae005968b00d6f3963b0d00ef6c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 08071aa230ab530fcd11314ea29ad0f4
SHA1 78d3656ed3c1b7dddad5fc05efb3aee1e0983a17
SHA256 2b8e421ef85c643352cca786eb2ec26b0b7be253bac0774f3c53b1adf069029c
SHA512 94d7bb96bf5abc621d04a995b5e566a6681fc6b4f2a102827e1516cc298cdd7c1f04106907dd8d80020a2d58c93df9cde98f2cb1557e4b99f61aa248c8664708

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ec1ddfbe71510442887b20dedc37169
SHA1 20ac48a9f27bfad82243da88661cc13be6324d58
SHA256 4a7999bb0beafa8affe20e45efcea2fafadd1b7afc503451112f8e4061b93ae2
SHA512 9242874ef2e6095338db2cda56ddb97614657c0c876678c4c9d49f5a1d741377cd2aaa3dfa3aadfc9ea9aec7f1edb34b29c1fd7df0c59963388c2bd6d84739c6

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 0c71204dc7dd088aa8f1b279e29d7bf5
SHA1 475dbeb8589312574e6b5f3ca2913b8b80af155b
SHA256 28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1
SHA512 f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\e8b2a0f4-5bb0-49d0-9258-98d5908c625f\index-dir\the-real-index~RFe5c33d9.TMP

MD5 4dd591b5575ff95a66c80398af70a6ba
SHA1 42afd0cb22a7fdc1899d287d5816f3ac77f8a673
SHA256 6bfa20a1526ebfdb6908a9e2490a614f3c67834b102c1e9f0281c9d12334b7bc
SHA512 3d785167b8c9cabd407eee0c49fb72a8d25c447e69c7e5c37aba399d80a380a1a3db680e4e0275aab17d2b8496c7439603d3bfa24af3b1bed87229cf7bf85d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\e8b2a0f4-5bb0-49d0-9258-98d5908c625f\index-dir\the-real-index

MD5 84fffdd87235b08fc8768a8396146164
SHA1 83cd4372c2c2ccc32173801a48c96ed516939bed
SHA256 f424d5120d158b7a4f0dfb374b7f8ae80f4c485be506694804667885612551d9
SHA512 c8b3544cbb5a8ba028dd3787ee52c1151f486635cff00fa875f0fa5d94903a2f6d2958f1a219f56fbd6d7b9ddfb5a81f3719543a30d6d54f029cf743488b5788

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 72739d9dcb4415d35cd0e0029dc7f7a7
SHA1 0c8218cf8fa04595ea3db41fd1b138a9b1b840ae
SHA256 b8c03e8cb676c5468d532bfcd18b0a8d39e38a9d07a1a466ba32db40ddc92a57
SHA512 0a52c5ce4a07c2e218b58cd9484c293f338b34be46768e6c873e19daf130fb68eb22b1982c823fe8e72dcc10a6dec944c2d93075d5b8ea02f659aacb7ad09b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52b13ce6903b52bfa0bcc87507d8285e
SHA1 3ddb88ff64156d9ad92a36a5ced872caaf23eb42
SHA256 716ed3d7d00d6c2be88f17f62f33a3601f6a7751abb946789d80ff5ba3ec815a
SHA512 64a520280ad3c28587b5eb51228515f0b5b2796ad04fad2e2d93a2aea735fcd3c9c29a0e7cca28d1316ce9ee3be26112ea42cfaa562f863b51509fdd4ee37a1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dc132c83e7d20444f6398f47d7cb609e
SHA1 d20481662ac5e3e4821b6cd7897b4a9f178a29e6
SHA256 3767b83a45f8c3cba1b08f54855cc9bce44d811724a0b0e0be383eb64cac95b9
SHA512 8282fa6ef88f57601fe357d19e1eb1f9817671c36ad284ad53c0fd2a8a01d8cc36d3a6c04f9812e3486a559472229e433e7d8e1685da20c3972d47c2e73bfd0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 164bbafd78a1aa990b7aad1cbda935eb
SHA1 f6b29c07917a92da882355ce59536cc34dba8436
SHA256 510ff3711d99a963391811c7033e3e147e3b083e633d87f508cc0ce056ef7ecf
SHA512 ccafb4accf96100150070c461db7df15e0ed87ca6f1632a838b7aba15d201254f4194b1d51bd1835740f94d9a7bfd7dfb8aea27b374e18bf921763ef8f7f054a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d1ac044bf62ed2dfec77688711ecc91b
SHA1 ffc6fa700a331e40168c07b0cd17c7b9f171594b
SHA256 3f67a8bd77e950b53c7a051ae37f3986c4cca1aefba6ef33b94cbfb6c70e1685
SHA512 4c7fddcc9d980e0364e1c9fa0306b12f8d4de96f1bdc5f87061d9fa58e236423cea58f3956b59095ffb63f087a6fe21daee596b05ac0ed668097cfaf289296b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 665d3227cfe91aaece70f54cf92d8db9
SHA1 7f4650a402fbb66d503d2facb24d074f6dbb42cf
SHA256 981880195c1931336645458cf9747e778594dbf7b1cd2aaedb8c64bf22d7c349
SHA512 51e479b562884612a50b843d4a106377285ab909bb1428623fa1b6acbd0f87ecdae46b85a3f3116f6484fc84e6697bf8a44694415547d3504f063c984b1ecc48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f2b4bb90a5c6e1a9df0fc0b821472f6
SHA1 ebf44200d30b28ae525e32531e413ef4ef9c080a
SHA256 89a83f63702d5c8a0615104061867c4e8871479a25f81f2fffce3c482e45e020
SHA512 2663472de0c0901fba009840a7342d768c8d144de69cb606fcd24aa6ac3d957693418411bddb131f44d18bc1e295d7354ed81ec482b8a1b7405cffd0d0385138

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0be68591474caf7c8e67a27424757acb
SHA1 04b101116105586336cedbcb3d0d04275c30a5d1
SHA256 bb18f5f936448ecaeca0bffcf62de29fb915f7dd074eb427747b1580d1a991c3
SHA512 b99ed27453e6ee2f238d3a6f8f4764abc4d233693d267074943c7fd1bf0ea79c742d8415e3fa26b0565a11732531915339563e0a84dd1720de28e2514208bd2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f004609d8f218132e06b4bbab9b3b569
SHA1 686d35114e400151a4a33b641ef744ca535d7efb
SHA256 8b2de78181c7ada63bc5e928aca9d73e87575187a7a32085ed06da3f9e91bc03
SHA512 3b65f590ddcf9db4bf9ea02c04843b6be2af7304ff2c27bcf7015dc27562f9f63450b48b9e6197b2c5c6a90c6a0db88fcf1f7a3a5663aa8e61988a9af44bc254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5aa7edcf69604d7e7033bea0cd19760
SHA1 6a191d7f25e7025abad7d3ed9f668fd5ab8a121c
SHA256 6dadea4cbdaebec8c787f4322926b0af6142e4175e49c38dcbb38f44ed3596aa
SHA512 c0753ce48159cc566dfa4736f75a520f0971dc00b889aa30b5643afb0888b20acc80255899d5a74acc4edb30707d67e394ebb63f84abd2376c326bede8554d47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 82211a11e2b4cda73bf4a9eeb03ff95c
SHA1 fc9b78498d5be8b1ba4e6cd7cc0dcee91951405e
SHA256 5530f310aa622887a0fda0106e0c43657cd11e08e28aea2d43445ac89df3d29f
SHA512 041b9f3edbca9003372d213a75ee448c3531b45f7a42e24cc2083069a351669bb72bdcc50d521dfe8ca17870cf9c9f018bb84cfd246795f13fc45fd0eb16643f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e06004466d3cd69b74399218ccca0b4
SHA1 3cdf4265f55500db354c34df51ca22ec8279ef79
SHA256 f9341af9f98756306e3ca593d94243f0a18eaf2f734e875622fdbe41e3422803
SHA512 e7d3e4e4e20cb23ed96dc0c8930e06f76c937cfeb704f27e50151311847db996cc69bf596fb2c74bdcc13dcc55a67b7f0485e6e14bcce95b40064de73affd8ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ec4b57ad2e4bbba8c53b907400838e5b
SHA1 1cb1004009b467e7216cca0f4d4a7d7d2b2db3d0
SHA256 4448e60cfc4bfd5d5bd47c5b7dd53af091b0fab486886aa1bf68ca5017283188
SHA512 87f213e9538f702a5cbf7b0987ea31e636fc488927c5c695594415834f363f9a8de599bcbc1a2abe04d840cf95642d15441c95c1f12a76f5607889fc89086094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage__tmp_for_rebuild\MANIFEST-000001


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
