Malware Analysis Report

2024-11-16 15:52

Sample ID 240206-ecby4sgebm
Target f619f14d19db93c671eb6214a3881d50.bin
SHA256 f60d04f87738a0ca09404b1439d31469e7629f16643bcda267283eb7ab767731
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

f60d04f87738a0ca09404b1439d31469e7629f16643bcda267283eb7ab767731

Threat Level: Known bad

The file f619f14d19db93c671eb6214a3881d50.bin was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 03:47

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 03:47

Reported

2024-02-06 03:49

Platform

win7-20231129-en

Max time kernel

75s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F2CB8E1-C4A2-11EE-8232-4E2C21FEB07B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F2A5781-C4A2-11EE-8232-4E2C21FEB07B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f1200000000002000000000010660000000100002000000072758d6b4fb94e8ebfb1f0f0e8b7dc1c49336771cd9040c6d1f181f94de47404000000000e8000000002000020000000e1f218167afc480289278d78badfe50362fccadfc3408071e9ec3c4ad1f160a72000000089454de566f06549f99ae1f1ac09cc2fb4eb8ffaa76d21a959e0b47b9c39c1cb40000000e9a56eb606887bdfb75279d2c104b7351fc291afc6e36a5612b29b1d6ed3a0df0e1b9d5e0855e0e9e3f4f536a7fb3bc8580d18db8701faf27946d77ede5882a2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2088 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2088 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2088 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1708 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1224 wrote to memory of 2728 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 856 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2088 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1844 wrote to memory of 2872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1512 wrote to memory of 1620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2412 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2088 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe

"C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6329758,0x7fef6329768,0x7fef6329778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6329758,0x7fef6329768,0x7fef6329778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6329758,0x7fef6329768,0x7fef6329778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.0.856113249\215010082" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1132 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aed1fffb-9581-45ff-806a-9b2cc9dcb341} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1280 105d7658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.1.2109933038\743450172" -parentBuildID 20221007134813 -prefsHandle 1556 -prefMapHandle 1552 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {730ed23c-e0e1-4e76-bb67-66c60b399f4e} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1568 ee0b58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1316 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1456 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.2.462956901\662076363" -childID 1 -isForBrowser -prefsHandle 2728 -prefMapHandle 2724 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {384dcb19-4ae6-4e77-b943-8c0a34afa4a2} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 2740 1a965558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2684 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1320,i,2714187721077338656,15025455572886883873,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1312,i,14846536751803569687,2757697320323363202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1312,i,14846536751803569687,2757697320323363202,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1320,i,2714187721077338656,15025455572886883873,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2688 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.3.507420834\256505198" -childID 2 -isForBrowser -prefsHandle 1092 -prefMapHandle 1716 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba3a1946-96f1-44e1-a706-23e053cacc8a} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1332 1cc96058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3316 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.4.1844139408\1668628589" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3644 -prefsLen 26142 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1519910e-1534-41be-bdd1-9b6c0262fc27} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3664 1f0e4b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.5.494682009\902839809" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 26142 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1808d8f0-afd0-4734-9e4e-aef5b83ef822} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3744 19a7cb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.6.739109400\2097427531" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3840 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3f94aa-9030-4779-b16b-b3f95a487244} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3888 1f0e2458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1884 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2516 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2780 --field-trial-handle=1356,i,12642638637858590041,11845884295985125421,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.7.339017269\2044359894" -childID 6 -isForBrowser -prefsHandle 3840 -prefMapHandle 4200 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77398267-93c2-4b7f-a514-2d260dd0f84f} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4448 21d1c458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.8.2033466905\1391378105" -childID 7 -isForBrowser -prefsHandle 4480 -prefMapHandle 4484 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38465ebe-89e1-489e-9289-4ba08c1433b8} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4352 21d1d358 tab

Network

Country Destination Domain Proto

Files

SHA512 1512d56f36c03f635b74954886b8f4915f0616c17d45b781d6892622015745b7881bd6e958a00155afca02b783e488afeb016c8c0b87eca9a822d5d6b68c1758

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\97423f64-056b-40cc-94bc-66ffeda39181

MD5 a259b2c3912d50c31ea5a3d855e971f7
SHA1 d001d186dd2666c7963948074baba29f083603b9
SHA256 1b4d2263e71be88a5a1e0db867d4d2d2b63176c7da79f5efceb1d274b90dbedb
SHA512 1d60489ae411bb246f583592198a3ff8a91f9806758f255cbe6f5ea5be9610867b0290258ef74d19892efbf6b62be56b38630a3004698bca66cf81dd1b30a150

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

MD5 78e230681f4d64f95b8ea4afa7a3073e
SHA1 5b14a94263bc4c21876fd9c6f404c829eb8d52f2
SHA256 eb35a75866765c87452eedd68061d2e3ca4e7a4ebf413fc545a8e3e1917b25f9
SHA512 2af27b367db9e62702230e0439cd992a8d6b0301a5beac1cbf09ed61d1de6d93af3dfd73107ab59df02097456b7dc3a9f2a023c19a5602f4b509b7a1c92d5184

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 883eb987fb067e8986999925fa10622a
SHA1 5218c2f4e7d08d08b5eb13cd215694452f829107
SHA256 be4dc260090aad0d7daa30a0cfd5e43b18747ee80a8c08a010ca1b6cdf2ffa48
SHA512 a1cfe83b51b702a708f6de336b2bcb278ddf3deccb11383da1f1b38ce4d011e7f4248b931bca30b40b55a7a4ff0c21885e9521cb119a65b930c5c8eacb869df7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 0308b410a61095a1f0a74c07dfb96233
SHA1 073182231048d64198847218a4e68935b86b1b57
SHA256 91d39db5fa9e8233460a98880813391fa487d8ae187732ada64fb58299f4c326
SHA512 74aab748a25fdb01c3315ff0b546bd9c87e607898ce88408b382c97e8164b99148ee9202826344aeab35ab8807b42dab3b3e5c4791ef32837cfddb6c5f099147

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 01c4191edd3f4031c086a52b8f7376f7
SHA1 8287a8295ff0f7b7047a3f9b2402d7bc4f640239
SHA256 3812f93ae38a214fa24134c725755602038255382adf58c8efad1cabe9f03422
SHA512 69100363c430c123cd31d592d2068ab6d7c39795639b6bef39c427f7563b55e92a5edf960ad99acd4083731b41be003384a8d40b57372fdf370e632ff66c453b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3e896722ba581c5455b184af2654db41
SHA1 fb1e535dcb2a41b61751e5fd75d874d133bf9425
SHA256 658bcae60ca7cb8e381162ac47b556e6161c07c27e61c19b88f99f6f8a7e5e92
SHA512 36b344573592c4da8fa429b1c20ed9da239b5c403d4101e4221c5d1f3f5c7327135d80d14404db0b9222470c0a40cff63b90d3f1b0266e886ea13c31b77678cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 f2c34b6af4b1fa4e7f9b6d5231cfae1f
SHA1 21257ef8bab07bb08feb50710f2ae8c077184c89
SHA256 b54d3f5327b30f192730485a3fdfd251d88bc93bdf60103df6fb7e09fc17ab4a
SHA512 53fcbbb77bbd716dcbdfb8e87e46815c0f44ce6745d9d01b6280cb938a078aee214dfd0cc66d11cb569500e1850817a5399a18786fb287f90c1a1c2a083eab2e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 89708d5f77a2d607fd24c12126c8e8e8
SHA1 329dff46bcdf0be7ad9a41245e43ab39ae169965
SHA256 fa7c34ec6d0a4c8b5e9cf5ec97d6ab6eef02dd39f0e0baad372759bb90363628
SHA512 18bf5e023eda250def43d5082cebaec37e0be654112db236b388f9e681e7658eee282e25e7e160e544f4ce48098d6c3682bcc96126f0596cc2a681646dbfb131

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2f70016b9a9b600a3d55d42da54732a0
SHA1 6d0ea9e305af45391b13d0d881afabe20a6d5cd1
SHA256 27b0e6a768d0485e740fa70a35093b7bb9a1d7b3a27518361f92736463b8bee8
SHA512 e549eae14147be443deb09f49bd1073b8d2e5420f81d692763bb4bcb3d355e2fa0111bd15d37f340a4056ffb0a5327c2e3fdc6fd67684e243d7256c2b6132247

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 a96b4f4ce9c9d808881d571735a475dd
SHA1 831b2ff1aecdbb8ded0aef835e4b6e7437b83d22
SHA256 128de0dedc41d890289748cb375de23a9f1f9af3e63b5e3c281d04a725b665ec
SHA512 c67deab771b5601509f998cdb9d11e5a785b34a784e3c583ec0e1a51bbcdb58e5a065083d3d30b82a88391b8d9c8c3cf12572910443a3659388015ad00fe4e31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5111ddfa1e7858b8db542395b713dcac
SHA1 7a5ff59d789b59051b1db2bd7600b728a4c04310
SHA256 8f80adaf19f40382eaf13c79b2a306be0e19d2408af48ab6cafd4a464b1d3121
SHA512 fe97eabef3eab87314255f51ab5b5e338c2809c3d0bc28e9230f9633b0f956c8ef69542b2cd0837faf5fc40c099475516bffdc09e6cf0c6263e07eb2faa172b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 006d6af382a6c4d68c58bebc0e529cae
SHA1 fb1864d3c7edc3cf5ed887573d79418d64eebd60
SHA256 74b564f7a846b88c1057b2818521777fa6b1da93e311ab9a76c130d55614a3be
SHA512 390814be581c50bb118a96f964713ce4c8fe46198023c97ea48ab9ff4a4a7f1d181128bb9754237e02c5f4cf9411d4b2216c992d647b93ded4c7fc06a534245d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85e10b6d51c893c026fd15a495371236
SHA1 35e7c7478dabf8503f233022f4cbeb0ae28e80fc
SHA256 0767e1aa3bf5feeb76b527559b009afbe755592c24a01cdcf003626b58705ff7
SHA512 9f7d97567007a57ed2829000694cf3725ab2d7ba4fc0e62d9b3a8bd5aaf5baaaead46d02004f308540e8748dff69313d548d1bc16aa993c4c0b714f4e8c16a8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a29ab75f01e1b2ee9686b78707be636
SHA1 7c06c940ffc111299253a1756e0989da4faf1016
SHA256 0b506e3575d524d64995e3a4d6467f2566f203a91cea5588c519f0816bf9b1e0
SHA512 95687315e9d99b1c53bfd0f24228790ca583d5cf331ef1490063d5498e9ff47d8f0e1c9db0a097891d0ab8b9c72a04aec69639c758cd111fd0fb2adca95afee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d6eade33235832a8a297be9fabdc24e
SHA1 1f1b8c74246bbb49e1c1ddb3d88c92c8129e9f05
SHA256 9aea2740330065b6a3942ba4173cd21a454e671575c3b0f89f29cf6886d411d4
SHA512 410d3eef424b458f23d09627345d665c271b7e87636bbc99b04340d42219a9be9898bb5716975f8dab6896e6dcfab4c48aadad38841e6b34464f0d65ae95f8f1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 068b55c39cfda9a6ae480a007769d6f2
SHA1 89c6702152bf310d545386aec5b63aa1cb471f18
SHA256 8f3a281045a1bea48c937e730a054b3d02fdc26a9d774942c90ebe943e355e5e
SHA512 39dfdc3e0c5578b8842ad25057f744a1e450e965ee899ca54b39e1faeadd33edfa3bbb8825774fe643cd8d58fd0c633178212e16ab1082145898da9b927ff94e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d71a19148351b88e8762ea977437fe8
SHA1 86de42f8487bda877166da3f327f32b28202906c
SHA256 aa17481b6374a24230d9262db83ce718ccb9362d91351e84d7c6cf51e49f8483
SHA512 99d001568b9ca3b3f6998f596ee0629e1dfa0e664ab13557a1d8677f156237ce145109f3479ec21c7628f7f0ab1f87857d4bfde10823b0874315f2df540d54d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 992f2afb2055796b5f74898e8e714113
SHA1 004120041cee891e426863e172450a1eb7775bdf
SHA256 f1bcc46e5a9a755761f6791dd7b9bd28f497fab6740a9287b1bbc5a745603c9e
SHA512 900e02293c02afe73d941f8ac0a258bb2b5651d93c6caed7c203610e1474ee609009de1cc8360496b197eb427c9d7839c9b6bf700e08a43360209e2f00c852db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3107d8df-04ed-48c6-a8bd-76a5dd54d94d.tmp

MD5 49032b12d2b5520f4a4df0062acd2dca
SHA1 faa829f9bab6b3edbd1d52a48cb2b72742f83048
SHA256 37587cdf6c0f2f1533027f50763a6084404374c4a04d56c2433b38285f776b37
SHA512 3f4520aa544f5d499ab8980e88efa9233b39c76c88447d02b30a447b1c4aa509d9993b7f55c690fff231d8dae50dc19bf74b27ec23ed1965a1de308c23b1a2f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 487abe650bed2cfc11902b859d95c2ae
SHA1 4b806da1fda6d08a643e494e692d56a923c214ca
SHA256 4b74e1aeb7b10429198fd49a903e9b99e9ae749e45bed503edf236f98cba0c8c
SHA512 0e60345c52b2688ac709d4ade0d9cd3aa7594449b9ebdbe739386af18174a938420b8cc565b1721b26cb919689eed74833194ed39c3c16dc167d4cdba1898592

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 2ec330f53dab5adacdbfbed65f7ca742
SHA1 a51dc2c8f4437bab18694a92911f0f850848be84
SHA256 f254072957435db114932a0750f4adcfc2f2dcdadd1f645be765fb5c6beeab54
SHA512 368c53690d9a11b6c2339bbd91c7acae7d77c82350c9730f3d148b0f58539c971f98a4a7b7ef73a7e60deb61bf0754bfe67f683a8cf50856a90731510de10870

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 15d43980f2377cff28aa906ce52c3167
SHA1 1ec01b7b41a672bed48aff8e4a7933fc12d27fcc
SHA256 95becb92cd9a06678aa00bb9a593d264cf6ecb37fdd629b63eb77b2bc0851696
SHA512 b86f7ae55c9f0d96ba54153aba5f299d4e7b2151ab6e1fffcbb0f381deac41fc779ea6a9d4aa84f5cd6084eb8815bd6303df9950ac581f1714d74c6d4af23d56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 341d7acc3ea2ffaea8e5a94d965c0c68
SHA1 067b986b267bc94b5e60ead64cadc50b00e37edd
SHA256 77021f704c5550627b3848a1b47e12e71d317aafbd5ea0c1053e388f8d9c342e
SHA512 1b9c3ca403cde2702c850b386ca9c35dcf72f657ac88d3f3c96ce35a57e56e04055d2fd4cc5cb57c7c2576121fc18bcab0a27b5c1a8a4dc31a581904079625b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a065530e1eb0d1a2b57b8b790ab3c253
SHA1 728380c9c8d8b486224f8cc9c42b18cfeb016233
SHA256 7067073d094d22e292703e4093c5f40925591ff0a5d8a660950cb83ad1c6c027
SHA512 adf796124629f8e87ed1a1265c61198a7aef5bd0a145834c77f54310abfe25d8ee96c59923c3dae4917928cb8c26e3b79581c35f7112de7bce48ad8b1c81d59e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da7e95c12644dee0cf0139fe9d680565
SHA1 7aec132040be5c27b152151aec7debedd7ffe3c0
SHA256 46468022d9d7c53599d642402b30dbdd5ec53a1cbc186a117b7ccd80c6a43e50
SHA512 3f44d51450f6754e3312d417850d9ba191c8aa8ceae87698d5d181735577f79e240aea9abd08c21186799c9bf26e488712a23164f6d9055fbddb6825298bef69

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 03:47

Reported

2024-02-06 03:50

Platform

win10v2004-20231215-en

Max time kernel

152s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133516648848527211" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{9854C6CD-2BF8-4443-A182-A29F6827EFF8} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\servicing\TrustedInstaller.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3904 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1596 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 1516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4612 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 788 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 564 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4224 wrote to memory of 1368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3904 wrote to memory of 4540 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4540 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3904 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 3964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3904 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1624 wrote to memory of 4516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3904 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3904 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe

"C:\Users\Admin\AppData\Local\Temp\6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe84689758,0x7ffe84689768,0x7ffe84689778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe84689758,0x7ffe84689768,0x7ffe84689778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe84689758,0x7ffe84689768,0x7ffe84689778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17428852672885566420,4061021824533205341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17428852672885566420,4061021824533205341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14765945916218681155,495408551278378733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.0.858106794\655536636" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1716 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaf3da44-653a-4ae0-afe0-f70b35056823} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 1896 139557d4e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14765945916218681155,495408551278378733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9763150789735962899,14387410596233318085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5811487026261472353,2589226237077294628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5811487026261472353,2589226237077294628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7743141383549567581,13971195157990361789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.1.1119456611\1043254692" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f80fbfb6-f333-4942-8ca0-be20ed792601} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 2372 13955703858 socket

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.2.1183241347\679273214" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3240 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eabdc14b-1fff-4739-9a0b-2c8e42f835fd} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 3096 13959a54358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.3.1203763616\449695999" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3380 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70962fd4-44de-4652-9f9f-9760e3bb6194} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 3480 1395a489758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.4.1095253802\73497064" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3652 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0996dbe-98ef-4cc7-9232-b8e671006995} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 3640 1395a48b558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,1224533293866269663,8438331425909244519,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,1224533293866269663,8438331425909244519,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3892 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4180 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.5.1871304345\1820114654" -childID 4 -isForBrowser -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 21943 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2948d197-074b-4935-ad64-fef9d93c8633} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 4756 1395820e658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5000 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1988,i,2278010397989530288,6915089836687400991,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1988,i,2278010397989530288,6915089836687400991,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4272 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:8

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.6.1580015622\304148209" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5036 -prefsLen 22208 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa6f19c-ef99-418a-9499-7d3421bcbe29} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 4996 13958c05c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.7.2146077205\1899127778" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4112 -prefsLen 22208 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db475d06-0a0a-4456-b4ce-5bed1ea7045b} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 5016 13958c04158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4516.8.2134504732\1499423563" -childID 7 -isForBrowser -prefsHandle 5000 -prefMapHandle 5056 -prefsLen 22208 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed2f8cd-bbf5-45d8-a930-9a8aac00b2f5} 4516 "\\.\pipe\gecko-crash-server-pipe.4516" 3600 13958c05958 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1260595932282079034,8430325393693363728,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 --field-trial-handle=1888,i,11361556256819188933,6690919651304361659,131072 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\LOCAL\crashpad_4932_QHGKLVHOYEZWYJRG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 121510c1483c9de9fdb590c20526ec0a
SHA1 96443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256 cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512 b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e87f3b356bb827bc6aaac071beb93ba
SHA1 a397cd190a61a79d5dda67e8d96ca46dd91c921e
SHA256 6188b7fb82d9a6f5a981713f7e80e7b1dd278fd9e903a9081cc8928c89f203dd
SHA512 b49d33335a121a9c93b0731cebf6af80b85cc21dbebb4eda1d05e2127729000e284319f75e423cedcfd535723af9a309af1cf07627fb0f4a5c1d1241d721a9f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 65e06a26ad309d26e4b14005d4a6efae
SHA1 5d48c53d67a4e7eb7fd4dcccf6be31c64623c19e
SHA256 cf1cda87e0af6472c5de29f9248e6c2aceb51e1478443b3d69d7f8067bffba6e
SHA512 d9d2aa7c09fb98b889dd4cca325041bcc43f9f3ec4f5b4f1cf32a1cc13b44a84b7df679a7caedbf4298d3ca658d4863bf5014cf8ce98e2beacbb043fd5117f96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e6e5ff7a3e6790a0f9cf41cf0f6de8a
SHA1 4a5edc2aa594e0ae28ca120d1a8cc04a3dc44a64
SHA256 5ac6a7e895a509b82b7ec2f9907d22203232bf54ab76ea23345d26a208eb9cd2
SHA512 38da8356352fc57c2c2ac429932a0760753025ee52be4b6dac33ab5ca6a09c9eadf7d8aff3d427acb7458153a71284e3756c6fe2f966d9cacf4e5bc1d88aa3a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 63fa228cec68545c79f3c71c56e4812c
SHA1 b802d4c3aa65aa5d8832daa69c5bae55cae88867
SHA256 5aa951cef8240a05803fd1334fac3818a9c1b6076f34f1a476213299ed2bb5dc
SHA512 87dd25fe76ab1c6931e355ae48cada5a9f0e3c849ae094701cfc879d409b4955830acc5a636353e5ad3a6b636784d938d038420653060a056a12532c9ffb0f2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 6686240bc8fde45cce7a08351901aa87
SHA1 9a77b17cd17da5bfefa44813944c2f83a0be7fe4
SHA256 5e03df5cf23f281e1468adbd4f7c6fecde0aa49aa091dff502c502259f08804e
SHA512 54d778639e5cac66fc9c6cc47198afef9ddb12052620ee35116c7e84131e10da986f45188db5ab384eb038d27d45ac7986ceb5a45f5683145b79c0f6d92c14e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d486cfc32c059fc585d5b4e06905d4f
SHA1 ca10f66e17baa6fc273cbacbf2d79a0344c27fb8
SHA256 b5a6a2be821ac38faecde57a337b4d5d1914baad0e65e7f963bd32f02997786f
SHA512 f0376be89c04a4ded4d68cdd1662ab753322fb8259bfccb22f95ccbc9000b3a389e825a14b1451b18c223ba941bc448b309db54169d686f9ae962e2d1850faae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0c02d995f160897339b4d3413f94b30
SHA1 e1ccb6b736359736f0b47d031e209faeb7d25bb2
SHA256 ae4d0d23f508ff890d0c6d06d724b695d1af92b715903e1d216c48972f58b320
SHA512 6c2b5bd7751ebaf4c76b732c4ab450757e68612137d308965aa7f4fd57d74979e4e05973034beecbdd6201edc5cd27f6b27aaa6f178588cf20ced8c82fda38b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 0f25e9ae7693dcac68f70df214f0b832
SHA1 9948336ae2575e5017a88dd366b124338bfa38dc
SHA256 a3e80d6724cad3988c3a7af5a2dbf6a2987aa2ff12acd23502e22d0b537fb448
SHA512 099f2f3d1f77654a1943d6b4b5eb2178f7db9eec968806789aecebf889b608feb20d1cd27dc9743bb9daabf8433c89bb7a1d0d1e43d286b46e381a05958ef3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 9afae28cf1e88d8cb631c0423d3e586f
SHA1 65a394596387cee5a488dd70f7adbbd9518e98d7
SHA256 c487dbabc79628bb38bd3cb9b466ad36e0bb0b8018de709c67aa3c79eab0b00d
SHA512 836e499d429d9f2a8e3847721aef5d1061446a2cce2651914bc87bb90d616e0eca6435144c304e779de9ca0460aba97b908fcd93e69e51bf43c7c84632e3f164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 2b6e1187601828b99dc29a13ef9aac46
SHA1 41cb7fab48a7901c5fb387d686c00cad1bc2dae0
SHA256 3ff5d2e14cfc576d42ac99508b4e1831334338b901c37c3c6a0fcd2637501f9e
SHA512 76f5c1c1899f394691775da933e376cbbfa90c7c08c0e62357b5308d14c11abfecb58f1e51841675f0200ccb711e6ce3ccd370b3e24f4a085856e6160ee4f8d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 39869871b8a9f83cffe029d1469eeede
SHA1 9fa00a0333576bee8af01705a46980422847c934
SHA256 022b7d94b142d31414e79d3be5445c5d857a1c13412221f0cccdb5567caef9ed
SHA512 c3c88fb3dc4b5ab2fbb7b7a385a59bc8610a5f1f4487cec61386fcba2cc91ae94a93461e4f7c91951b9bf213c2b31c05f5e69b76e8a058492a9942837f182232

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 70215b415c4ff77dc35f2a9e076d5e90
SHA1 e04ec96536538a2616bb2098ead6c84e6c6c2e75
SHA256 c3f267dc11f62fb1af7e450c37c922d18bf2b939423d7ebe18bca8a43bd1d128
SHA512 92a45848e2c159748f102543b28c5f707192e93aeffee42bff01221fc329a869743e07b402e2ffb404dbc8ceec47b8909e4a616583dc3ca89b3d45dcbdb6d314

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0f8bee70d67b865e05a48d059b16521f
SHA1 b4bf587ad837329a00877dcef2342df1735c57d9
SHA256 0d5e168555d0a1c8b778763993cf98547990e2dfcfdac76a7a6ee55bb5c82cb4
SHA512 e6c5f49d96f55f57cca8f71606b743adcbb55a7f34696846fbc8df4c9573b75aea95377d09f75f338d7ed36674ca477241be6eb0001e8b72048620e79d125215

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be4a.TMP

MD5 15bdb012e2cc75943d8c38250a7e17d0
SHA1 05a36136ab4aa0f9fa1f11ad5745db3eb2e65319
SHA256 38161a498f1de0c54cc85d12259dd154543eeb3b28315105c27a9943d4c67586
SHA512 86af45050717825968b7c67c3e8880aed08011b0160de966f2457e748f566f54259ab5dce8d818466a00bb8c0d8a76f4309f6d7c449421af7c379601c1522a7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee52139c93a08aa22550d28963151e5e
SHA1 360ffafa59c39be0b31364ea46bab3a92171fad7
SHA256 15128a3a463012e81595e09ce56aa5b152bea34d2636d99928b514f01310dd0d
SHA512 57aee3c1130cc062c397126b7a2ae7a1e08f4af8ffb04d45eaa974cba25e29b40d8104b06da327921bf05b0b6060fa9b8cde5f3b7d282db229af10467e924bdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 793988adbf16dd20cf312c379816431a
SHA1 6f02b1d4dc59a9b55651a649462a10011f4d801c
SHA256 53e387787d602e94456980df458743e33fd5000476e00a641f56caa2eb087626
SHA512 bdac805b7d99a3c88490512c19b3e5a33c0eb15159f60ee2be46e728050ceebb10b69aa39ba3b468632248eeefc81ba0906480eb96f6350bd7a607447df008e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 6b17976c012bc2ca303c5d5dbda9989e
SHA1 2fd8da614da7adf64f51ed26aa60894bbf556c4a
SHA256 f29a362cc2471b3e9fd34533ee0141cf99df5f4c107bf767d31e52fd4590d33d
SHA512 b3085d4dbc7104216de418516145665b30c266e56b18e2092d6e7b8c671a140684e8c406bd217b30f3b084fbaa14f243e3d8f698839c1340d4eb8681ace7074c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 09767280c6be3cc0d640642a9f57c02f
SHA1 dc745b23570a9712a60402d65ebda5a3abf78d5f
SHA256 48340432df3c3b62dbd1696fea8cf2eeae72e83db7a714442789533bd1860913
SHA512 31992846615c665a5a3d16d3b7a829cbb61fa60e8d5503d5617d65755c80e1e8ade32068d810636484d949bf2a51a7a0d78e0ce8daff8d11a290ba01e87dee5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 6a2d775d769277612a796454b727f404
SHA1 3180d339a289687eee1feca7e6cb6a08abb48340
SHA256 5dbdf64dab17a3b54845fb68a6246bd9b5f412eb4dc836156ee68799de06e77c
SHA512 a29d2b2cd0cf7f7bd92fe9e0f812e0f6ec83a5a295afd5e8dffbf3d0734f7befe02e1c80dcdd28ea7812bf274fda6ee580e2dea5f90f74996a6fba1269738a7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 a10ee24a1ae7802b3f2663f8832206e3
SHA1 33c313822b61aed7fdc216a61551f1a0511e5428
SHA256 2fd85b4910fefdfd20958ae40bb95b27e97c18d22baf6e1a9d5cf4eda6c2cd74
SHA512 0eeaa72caae875888ab71e30529091df4de86ccc1ce0ac3160e3a7624a5ab643b5cec27f1f120d1c7c9c4fff7b097eb93fc1807eaaa0a2159d74cb410d8e4f56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 9dc4649fa16988ec78278b9c920f1755
SHA1 39deaa15c46963f39f7495fc3071b8fe73aeac0b
SHA256 7b8f0c37f1c3a657d5aef5d898406bdc1abb324e93dde0a60864f63f298df48d
SHA512 f387f1a16c1c3299c5e7d55897ffd561d55203477a72df2251cd8f7ddd7b5180337f6f34ff7d8d208e7cba0f22a414c72f5e3cf04ce1accd39cb80e2cb2854c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 73bbdb434d459bbad95a4299f0638a1f
SHA1 3f170e9cfa16c4c7588d909f0b589cf4ff819787
SHA256 3c0ff265488c0d3334db3b0308dcb948c543d6b687bb08b4150e441a07b08e0f
SHA512 6c8cc52afe154daf64b9df3915a4a68ca2bb400bdd6ee5ce550649fd893f9ff8fac053ba0714b6babea9f384c168cc41a6575eaa714e41568a0f74c9e169f7a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 5a5c67772d44eca9ecb08e0ead7570af
SHA1 93ffda7f3ac636f88f7a453ba8c536fafc2d858b
SHA256 eef62541016d82bd804928b0fe0123d9ddbc20c2f4c0198ce98ae3adbf9a9c7a
SHA512 14a649db943dc9a756e24a043c5a946ab0dda3cdecbffa090bb71996ca3a35ad674052895a496195799def768ea318ec4ce8b97e4f2350106c84a6c4f50affb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 3fa057a53f831ad6f787c01bdde50221
SHA1 a1fcdbaedf935bca14b366514cf7fee3e3f175a2
SHA256 efef42a7e15c6cdba8a3e03452281dbe161deb054dc90858abd0e54cc18c34b3
SHA512 6b2620574a789ad95a4e63ecdf3f76d84fd153cb664b8ac844054531b408d2d96785738efd74c1d761d5c10ced1be9ea4e9c1d019f18e2d991dcd54095cba635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 62ce5e754fa31ce29c260476ef7ac977
SHA1 ac1f81f1e37c0347bb9bda350427911c87132efd
SHA256 087773b73f5bf76fc4b4b6294f9ef7cbbe78f503580a4e8c58b53cf770ee0bf1
SHA512 47307b45d41589b39a23e9732e29b9810909b3edd56230afe48d451009a23c5f5b1bcf369df5588739acd303eacfedf83be8056b8f44dc3559aa3da92ad0be3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 dd5a72e9dbf061181916221786baffba
SHA1 8bdb0f974e3c0be5b48b86372b789e64dc39ab8b
SHA256 d2023b1931081aa85fb81b0d6c8d463d42630a3c71c3a15891cad374d30d0b6a
SHA512 ed5071ade26dcfd9a8dd37432367d81c1170739cf8028d241e40e657b95af17852b518aa214e544af08c48f32cdc1e52fcbfae777f8e4610c15172060835c84c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 f552667b3c3398fc7d4bf2e5c09f0054
SHA1 7e1332e8633f8d01e188be2ec37fa4877b61c82d
SHA256 c413aa191536619c117fbcb518dc6ec2969a6294c702758d8c5f5eb052cdf5eb
SHA512 49cd0b3b326de01b6b5e981ab7eca0d97e08df7186c2047d048f84d82282773c1a248c637c1a39becf99a02edc1ff26b7d44be7960ca270d1caea6ca1dbb243d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 af1a6635af0143507791a5825842ee5b
SHA1 5f35b36ad4dcb73658c08d912d07f803ad04f975
SHA256 fdec3353a47c2a508976ff3076b3b63512050565f241f01dca18975eeb7475b8
SHA512 7f9bb2064e70486165e23d6833f9e94f5c0f89d0c738ac9b6e62185491f09cad2a1fd7eefdeca77786f777e4893b69f0f4c11b56acaafd09be0a8b0c72ebdaf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 8d857d4f4ec82a998fb460c7db6fa3db
SHA1 e95ebe68c85c2a63985e7e87476375b0827292e7
SHA256 b0cd02b34e8eea42cf44d15d7024b495440b62cb3d79282e01d4b2eca8bcc4a3
SHA512 e1921f2e1a68d686c8dceffa8e49e5625914fccd4e5c33d308e22743a111a165dbe33870000e276e3a4014ec36774a64372b8925215450c7411d78ec1eadc9f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 a181868bbaabb08c6ddd19c99f18249e
SHA1 af2295f5c1031f7c63c052e94a7f58f85e528648
SHA256 232344db94b0b69f0af6ca74b3f533050af946411dbebb1ce3ad37766a65dfe7
SHA512 dc955dca9f3e10ea3ed97abbc98a1993f490ec6b09a75760143db4bc727524a46a0184e3307872216cf3c072384423f4f5779a709331e92dcba88e5443811325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 9301f37b626106a4aa736464b59c27b4
SHA1 afb984ca62b766e0ef01828e28aca626ed35fbdf
SHA256 b8857d6289bbc55987e0c7b7618518a5168b2428f42dcf22c5b37f25a6fd0f08
SHA512 2f0151678be23532d90500fe941e9886b1b0fad708fdf4234c047faf502aabef53e3bc6cdbaaa57799d272e7285ad5fe0105e1aa3d10d93e78ce3e3040cda756

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 6c87cfc1613de14cbde615938ed45c2f
SHA1 b65e947b09a311e0e42526a364858d118526450b
SHA256 77e6e27632cd989103638689fead8a4e48d6a17659bf5fa0e2167e8e11ee750e
SHA512 4c20d4c7783e5388c46fb7d61d59623628b2361c6c08a03b6923ee51dfbb2f7dd14ad0b6f9aa6887e42154b6783ffff5d3d084c02e5ddcfa144a10f5dfe3f768

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a6fae764fa08f7b4fcbae8a75af5448
SHA1 ac6c751eff034aa9be5514c741a3dfa1745da5a4
SHA256 a9aeef79a31ecaa760cb97c29ab388b36cb27569073b7269f2f5bd318e996b49
SHA512 6762923e34ead7ff54623b6830f8df88300a5fdfba3a221bce74537393a730425dc7ebb2aacc29ba6bfc64679f06a3e4181fc4a0c4561012fb21ab29d6f6410b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87bc1c9fea8abe7cf06bb98f3a5fc158
SHA1 6f48ed33f4c1b77b1ff7b7d0d67041fc2ffdd09c
SHA256 a54a3842898b9171b533f6e4c0f37493a446b2fb00bd2b99547e7195f9d7fa2f
SHA512 ce3a65618d1c705676ab4fb6e61d6a40bbe6abd1a2b22bceaafbe242f5bc435d3830cadcbc90d36576ac96f878fb9445336b30a0c9c7c9431dec475307df34b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 c24509b5c94bbc7938d432e43df80930
SHA1 7e3393ecf872fd9de12bcf982793e77f8014048a
SHA256 7e3e1f385dd12010d4ab92f2178202bccee67b0f1b598bc009cda801bc6b8a7e
SHA512 a6fa8443dd66f7fc89b50768e0811a73b3810bb92ddc5eadd077cb91a96e774df1e5eec33ba92fe559d6d2c91b32be986113386879d282f60cfcd5faa038c8a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67bc4050268155e75606f4e9cd107475
SHA1 eccd77590993933201f1aab20bb85639e6129e69
SHA256 678b651b1380bf620e15ab71ddd2d7f586ba773f8a79ecefda9bbc9b3c87b476
SHA512 92f7bb3b2a7d52f5ad336749d4ce47ae35b11d9e0218cbc80a6002634ffccbb61117d8229dbbc95018513d616c023389eb4006e0c56eb68b12b529226d0ffc81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 9f38f529d1f8c99908d1af906af082ca
SHA1 242d6a411b91a868f7dab4f8ea8b11c116104c07
SHA256 61ecc9000f3715df298747cd4e729b18676ee07bd44c573bfc1b92151f70b6fc
SHA512 782c8b1bbe572de566f0a3ee96a624e43809c08f544e17931f2daf90792913d2781fadedd1689a8298a89ac72120e14ea6c0d8f605d4f09cc65ff58b676c4c01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c030544c835db197d14a464559d92276
SHA1 c3fd5399f623db69122a47af1201c6b6a631cb78
SHA256 037f7783b25450280186c59f70a7d457dbaf1483d9a67604c1d1057360d311e0
SHA512 0cc0cb4ee06381b034d191fa4d462d08784602ee018a03c6627b16dc48e7ecf1227822b109665cd515e26df1133d51b27c99aa73f5d92f2e7af4f922a1a724bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72b06fdf11dd4f1a241dccf4ecfa2322
SHA1 c2da2212ef9e2482ccdad143f777e1a786012811
SHA256 135aada9d5c9d91c4006ac75ee7b920886c3fb37fdeab48376beca721ed61588
SHA512 e454a8e56f840954f8e4a575f737567e010e3448509af0f24d8a5e8177222fc8f0bb6d65c7131a8c513aa2085105bd308f233a75ba01cb88bf3ae013382dfd43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 417b59a60d13b108baa7dd76903dea4d
SHA1 54597031408f257ab556fa0e64dad35707f2fb6d
SHA256 10aa9fce98f5543f124d3337477fb248314fb8c6700f2cb9294bc0e45beb3fda
SHA512 b2aeb2405ad80211ccb5fc50918105bca6138622810ce614c713b004b78754f4fbf69fd7d1c0ca011b2b843d06a7beef6cf0db10c4aae447cada43eca01157bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20779be8437d54f61f01c16c22f2910f
SHA1 54b79900c7aa94e41676ba2e70e833bf8592e049
SHA256 f23921e6e88ce428a96d7476087a6856b458a49a960757e581c5a2c330f388dd
SHA512 88de6181bf4dd5dfcfc35a5d37cfa5a1a6d42e9d5c575b1cb4df915641e9140418f1553c4f5ce0a05c0217a777a7c1e30f21f1c523b495d3a63156294226a537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2a7bb03738112062770c9c074de9e144
SHA1 754e2830d651b368fc1146266db1f5d7036d78ff
SHA256 0ee85984eb2b2f5b5be8c1ae675347caba8397cf528be1ff8c412694d2d73fa6
SHA512 e86cca90ad1bee9d9cdb40fd1d5bac8ffe2f94d7aca4ce52933ba4ebc7ca450ed212a5553d3ef1e1c2777e4a5ece47650877091e6e6bcbeff03e34d5a0fbe610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ddb0502e961e566da60426d4c30e5712
SHA1 0b3293d43fdf67f91a7cf5e1f9746b24a80fe66c
SHA256 12ededee9b5c3ddd8a4c264154e7ec7bc9a9b7a3c309c7672c08010c6d6bd660
SHA512 a411ea3a96215ded1f416e9140f48a8abf1b9312a8f5350d3b061ea8fdc5143efa31f94f9b617567cab65af0f0bcd5e64434a77ba6053e6b59d03a534dc42eaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a64389505a83776c14a77abc8fade00
SHA1 2c7675ae03d19469ae4cdb7a113d4a41125e75a6
SHA256 dbf20ac93e8f6852af4ed512ff6e6e99541fe264c0478cfc1ae47b8558dfc37d
SHA512 e8d0fc07f4e7fbb4944ca62fd378df6b5f6f161c03a09aaf30fd5408e7bb52e1647f38fa9ac8e270c59f08dcac538185640eef519a863b7bcb2ccedfa6cb21fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2c1c18d9195e082865145e07e9bd595b
SHA1 171871e285288697429f64c47292bd4c05db7d89
SHA256 29b444efd564385ae7f3fca858dfb2fede24f9298dfe2d51f583af23cf59732b
SHA512 8bb3870f4c6548cc09bf6c0556b4e2e9e6ec2d0389fefde7dec133be43613e0630fd0fd7c6324d9128b9c30739084574d623abf71c5002f5f8ea91f04c21e2d9