Malware Analysis Report

2024-11-16 15:51

Sample ID 240207-jjn98sega5
Target 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
SHA256 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965

Threat Level: Known bad

The file 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-07 07:42

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 07:42

Reported

2024-02-07 07:47

Platform

win10-20231215-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133517655442479373" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f14331379959da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 008eaf93cb59da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "413453832" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3c7537499959da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 4352 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 2760 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 5460 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4692 wrote to memory of 5460 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 220 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 5584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 5584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5652 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5652 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5572 wrote to memory of 5648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5572 wrote to memory of 5648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5644 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5644 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5652 wrote to memory of 5684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5652 wrote to memory of 5684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5644 wrote to memory of 5784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5776 wrote to memory of 5912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5776 wrote to memory of 5912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5776 wrote to memory of 5912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5776 wrote to memory of 5912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe0259778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe0259778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x68,0xd4,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe0259778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.0.858492660\1310056818" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecaec785-3694-4522-9253-746d0f708ee2} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 1784 205881d4158 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.1.641517231\1766563721" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07599225-1c9c-4b64-8d0b-c33f4f20ecad} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2164 20588105c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.2.966105571\861911500" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2924 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb5c4160-36fc-40ef-b9f4-037706cf1626} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2932 2058815ae58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1384 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3776 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1640 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1772,i,5131391783067312469,12239671036486042357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1772,i,5131391783067312469,12239671036486042357,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1836,i,1212625836051295505,17893299221643810506,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1836,i,1212625836051295505,17893299221643810506,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.3.784685649\896035228" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26044 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f4c1fd-ea78-4a28-a0a6-403f5320ab74} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 3628 2058a7b5f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4572 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4776 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.5.1061245995\590148502" -childID 4 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cc70d1c-5b1b-4e2e-8225-d4802c6614f6} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4908 2058e41a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.4.1621701193\31998953" -childID 3 -isForBrowser -prefsHandle 4576 -prefMapHandle 4592 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d03595-bf9d-419b-8c2f-fed7e3d0c554} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4672 2058e260558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.6.2144003625\717522049" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c565c4a-e372-430a-9905-28a80440617c} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4808 2058e41b758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3e0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.7.175016802\174942012" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5364 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd4d717-3e63-4b66-9979-0812551de859} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5420 2058ebecb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.8.507439062\359773167" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ad63cd-959e-4961-8921-8ebc03147ec6} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5560 2058ebee958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.9.1871330474\932939849" -parentBuildID 20221007134813 -prefsHandle 4872 -prefMapHandle 1464 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad60f027-5a5b-4e83-b2e8-31d4227741ba} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5728 205892dab58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.10.1212531939\762036233" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5888 -prefMapHandle 4872 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ba7d73-6bda-44a1-98c6-904c3254a1c3} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5992 2058c23ce58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.11.1137907100\475909226" -childID 8 -isForBrowser -prefsHandle 6340 -prefMapHandle 6332 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a3f9350-4011-4ab1-9f03-597060f8b2ab} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 6352 2058ebdf758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4024 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 m.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 172.217.16.238:443 www.youtube.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 rr3---sn-q4fl6nsk.googlevideo.com udp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 200.3.125.74.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 216.58.204.86:443 i.ytimg.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 172.217.16.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:51069 tcp
N/A 127.0.0.1:51079 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.173.125.74.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.164:443 www.bing.com tcp
GB 92.123.128.164:443 www.bing.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.238:443 youtube.com udp
US 8.8.8.8:53 107.116.69.13.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.204.78:443 google.com tcp
US 8.8.8.8:53 e2c57.gcp.gvt2.com udp
IT 35.219.224.178:443 e2c57.gcp.gvt2.com tcp
IT 35.219.224.178:443 e2c57.gcp.gvt2.com tcp
US 8.8.8.8:53 178.224.219.35.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 172.217.16.238:443 youtube.com udp
GB 172.217.16.238:443 youtube.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
GB 172.217.16.238:443 youtube.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
NL 172.217.218.94:443 beacons2.gvt2.com tcp
NL 172.217.218.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 94.218.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp

Files

memory/3616-0-0x000001B183A20000-0x000001B183A30000-memory.dmp

memory/3616-16-0x000001B183E00000-0x000001B183E10000-memory.dmp

memory/3616-35-0x000001B180FD0000-0x000001B180FD2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 f7437a210debdb5bbac17b0dd4c32f8f
SHA1 cd6e7b9ffa60b5f1f569856129c3fe9c17e55a5f
SHA256 1a93176edabc94daf8093d13a466659a88f82c9e491255218fc29110f29da4c9
SHA512 133c68b9acda8ce0c478609e52e99c2a11eb7aed774fb97e741d8f5e92b8ba6a599491619d9344b137468719cdec8d9be0924ee4c3f307cb7f038ef51b4ebd9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QA584VGM.cookie

MD5 24c35d84308321ebc6297ac98644521e
SHA1 da7a22f87b8ba8624ed4ff9b4bfdba91213a2262
SHA256 444512eafdb55b14098ff3b560ca82f0708f24f96ad1293729ca469c041862d3
SHA512 594937a63a137790e25f55a67b43596f70f906cc1feb29d87b660b31a13588789cfc612c4e2fda2460ca80cb7d129ea88634f250e07017503e450a5c6cc44f82

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FKO99HIE.cookie

MD5 c277dd93cc53cd5c695728414c4d2bd8
SHA1 6ab30631c3c66298aef8741f689cf08aa0a24820
SHA256 5102ed99e3857c2804af7fd5c769265ea7e962a94e7b05b2d7841567d059c020
SHA512 4ac30dc870e9f88d859dda00140e55cfbe344576b7811a911c4a1fc4498bdfd8495154f04fe7b64ba5a8940a15e2380907b8992a50a593baefb17ec15f37ed17

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 4b3fd048839d31c5ab63ff0f3b234ce7
SHA1 bc0f28fd682d50e692bd162dd11564d6c0874b75
SHA256 23cbf9b2172dbd1fc4ad26093ea988f1f363ffb9977c8d0ddf375341dae10607
SHA512 d9b03f5a87b7333b21778dc6471a2defd3283817d99693b8a79dfee927d5c4a14e64baa08831f12ce5f958432930e07745c309d89265b445deac9a9b96eeb0ac

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7f4af2405aff3d0a84677da6112fd6e1
SHA1 7bd089299f58130df6a005086beae1b3c9226504
SHA256 ffbfebf9fa8d2dd3623557f872d0879054e1cfc733c562b15805aeee1cbc45b2
SHA512 6dec95444331c43ad02ba64bc3e3aae12c3e72929b65a41955bbce973597e13c01cb6f063a45f29e598740d901190e7bc5f8d832ac0c3f1bf00185e1428c7b1f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8266c5eaf0ffcef0bf05302c7e99f727
SHA1 567eccfc87b43a4e495f2afb908e96f1856daef3
SHA256 62d07870a1c9320221afd406bd9acee64533ea1d5cd996c1a186dd57d70835a9
SHA512 ad78a75d0da051c78ced6e9cfc74a979cef7683925139d4ca41bdd48fdf5408cea1a5ad5ca291bd44fc7ad0eb07e61ad6ff1b2a7b573699e4dd0861e05591fa1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5V1DYD2L.cookie

MD5 f69dbbeb22661349e337c8d45ad59878
SHA1 360ddfe17366589856c14de9b3f8737e38a4a7ec
SHA256 8be1413e4a2624b91b4a1971320f3b61fb48b574e01ba3a51ad0b95a3692ce77
SHA512 186a0b14e47ca5c9d91f483463f142a8a2f785881a4e0ad5257dbb0e3a4d6556b54ab4e5d8e35c79bac1028d69ee9bbba00f704747f1004f4466cf185fa45f48

memory/4136-146-0x00000169711A0000-0x00000169711C0000-memory.dmp

memory/4136-160-0x0000016970D20000-0x0000016970D40000-memory.dmp

memory/4352-188-0x000001924B7F0000-0x000001924B810000-memory.dmp

memory/2016-210-0x00000204DB410000-0x00000204DB430000-memory.dmp

memory/2016-211-0x00000204CA810000-0x00000204CA910000-memory.dmp

memory/4352-223-0x000001924BDF0000-0x000001924BDF2000-memory.dmp

memory/4352-228-0x000001924C170000-0x000001924C172000-memory.dmp

memory/4352-234-0x000001924C1B0000-0x000001924C1B2000-memory.dmp

memory/4352-238-0x000001924B860000-0x000001924B862000-memory.dmp

memory/4352-247-0x000001924C1C0000-0x000001924C1C2000-memory.dmp

memory/4352-258-0x000001924C1E0000-0x000001924C1E2000-memory.dmp

memory/4352-262-0x000001924D4A0000-0x000001924D4A2000-memory.dmp

memory/4352-264-0x000001924D950000-0x000001924DA50000-memory.dmp

memory/4352-267-0x000001924C8C0000-0x000001924C8C2000-memory.dmp

memory/4352-266-0x000001924C7B0000-0x000001924C8B0000-memory.dmp

memory/4352-276-0x000001924C940000-0x000001924C942000-memory.dmp

memory/3616-380-0x000001B18ADB0000-0x000001B18ADB1000-memory.dmp

memory/3616-376-0x000001B18A5F0000-0x000001B18A5F1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\62Y1JICA\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/4352-426-0x0000019250600000-0x0000019250620000-memory.dmp

memory/4352-424-0x00000192505E0000-0x0000019250600000-memory.dmp

memory/4352-422-0x0000019250240000-0x0000019250260000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5GMM1TGX.cookie

MD5 2cdfcc2396743a20d8aec8847b4ca40d
SHA1 85697b2ed61373f6e2a5736554f3c5f6118d442c
SHA256 3164b7e385874769bdd059c87d3ecbf6d2a18095b20cea1fbeadf1f763c6f2af
SHA512 1d9a54891e87d50995e92f1e1a1b09f026181e2634945cefb5971eaa980b81e7bd49a605bfc7283c05450f8b29b0c5d141f4e6963e01652b48914c37a5d3e50b

memory/2016-507-0x00000205DC590000-0x00000205DC592000-memory.dmp

memory/2016-517-0x00000205DC630000-0x00000205DC632000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 a89819593d326e7891db3102487f18ba
SHA1 e8972c883c57976a6a6e676a08b488abae9c82a7
SHA256 07f033948e887c74df5ee50ae72c287706f58e17a5b9e62635c2d3bac3f02558
SHA512 642c680c0813b4760442e504a8ffcc4bbec65c9ec22608f608992c6393fae3525c00709e83de135511f14709ee51ac82c662cd1b26a5f45f9f2b14ba2590fcd3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b3bcb4ed194fba8a86fe60ccf54ebd21
SHA1 2fd66c0b7a373082b8250eb95c9ecc9b178137de
SHA256 32340f4bb3aefdbf65086a2375a4b8072900a2ee1e1e75c166d0549904ac7926
SHA512 22e4929a4cd171ea5c8a52d5460a34ec919f90706892a0d3c849a9a5f66848b6ff9b3fd47ce7a03404e9b8728f93ac66081e73f229281dd560cead4471ae406e

memory/2016-525-0x00000205DC680000-0x00000205DC682000-memory.dmp

memory/4352-545-0x000001924EB00000-0x000001924EC00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 e7632ffc136c2c9a3e20819ab325d8a7
SHA1 3deeaca414d6ac0a9e3825d391dfb6e3d4525393
SHA256 1225eac2e767f642b0b23909bfca6073f08cc3e7ddbaaab2797382153d7da852
SHA512 d63b606a7ea02670cdede526768929b80fe2eb580ff1d43acd09a3c7bb1b5ff9d06ccdc31a6a61ea218aeccb8bb8d78fc8d0211b1e1e182c2055acd245496cee

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 15534e6c26531125fbbde99f9d5342b1
SHA1 2db92cffcce72149a61453ff815c92b98cbc0102
SHA256 2f0f536dcef7f2507e43cf26828ab9652d45fb9e36109cf0cef4e364e40e2386
SHA512 5bf014dd701a3bdd5c963ec24ba97147dad14ebfec7b2b917ff5f8cf5e151a659c0acb83ebe85df207db4fc3e6b915b9c0d1bdc438d4b8192cf8b85180a0f32d

memory/2760-649-0x0000022A52340000-0x0000022A52360000-memory.dmp

memory/2760-716-0x0000022A53B00000-0x0000022A53C00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O2BGM5OG\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\myvf7we\imagestore.dat

MD5 fa9aa894eb3e884d3b881d3f6f001300
SHA1 5ca46f8f12d9bdb93b00366c9e27738d94293b7a
SHA256 9ac784a14b5a2cbf7e31a06a3be3af83edbadc6d8b3e5d3b889fbfd96bc4469c
SHA512 1d00f434c053462fccb8c38cddc25124208124ae79fa47ad52d8453513e4d325689799b49db5670475d51ad55169043def25a3b3771919fa2b640570229f0bc4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 a2a4d4115f197a39fa1f8fb7b45ca3a9
SHA1 6c2ae448e5b0db9e97240186b9521959c01f8ebf
SHA256 af2ed48dcf4d5792a88cd6c0db0a5b98c12fe5d987e7a5a76c241dd02ca57ee0
SHA512 99e70c3e0e9580e811b36d469498f2f99a04ecab3cbb88ea7a7c53f77133e8ee4a3197f071cf4493e25d03c51cc54b4919870ee56c07d3c61f182adfc97164a4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 67b37708cff6a59a21fae36f1220aa3f
SHA1 e50a26dc9e7823e71cabdcab6626912c6dfb334b
SHA256 e3292c3506942be5ae2b53e6d125b55cab1895dbd5d389e65043cea48ce2cbfd
SHA512 fe74fff66281d5d170ddfb9cbcb4a84a3865370862f7fbd47240c3b8b01dd8f55cd030358404371c3ad1021789d3845e6a11fc775ed6db745ac57dd3ac74775f

memory/4352-755-0x00000192513E0000-0x00000192514E0000-memory.dmp

memory/4352-759-0x00000192512E0000-0x00000192513E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\61P8Z86D\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HKH786RB.cookie

MD5 76f4f111b6fb6272a74b9d562c21e211
SHA1 a7bfd8cac174ebecfbac1e34527ceaabac2efd06
SHA256 a15a26c3e6df8bb09412ac738c8ee57cfb5dd2920cb5229a60f51de68f7e192c
SHA512 aa1a53aa03b811473c641be6d922ad6d8f03d5b0aabebf377881005c91532af187a3adc4b8efda9d1c5cf3866381899a02f6792da901e376117e8402adf22d9f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\www-tampering[1].js

MD5 e2b71f92d13ffb96c2387e583ecf4f53
SHA1 08d6a00e00fea89db40f7ba6120913ffbe29ad4d
SHA256 41f09dd845bd7d700be0517f8fa0ab45f67da98fd20c8986578419d6125a5fad
SHA512 2720062fd56a7605d49c9fa3d18151dd4d38b9d007e7464511017fe9be90c54b11af5506b876ff5ede0ca263b357312196c360a11fbaf9da6c3ca3364d11eabf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\rs=AGKMywH2YAHM2iqmI0S6UdPnCB9iMNecGA[1].css

MD5 756fe1fa95222b26371c4d69a3362f3d
SHA1 05c3b69150f7e17a8e4108a469094622f1f247cb
SHA256 766d6c4283600c0041e860dc8a6111f8aca17243d0004dcbdfa93da8b2a225fb
SHA512 fdfeba8a28eff12d7c68b70d4a9bc9956356aa03582a340eedd4840343a1faafbe20d4afefb742ec781cce0843fa89760347c831a9b17b979795ca538ddaa03d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\desktop_polymer[1].js

MD5 a2d372e7cb360decaed29b014273537c
SHA1 0cb75642b63a53e5479c46e5ad9bd5992c851b9e
SHA256 3002109998019510d652e79932ffc45fd66a847352a08467cb28eafcd483bcda
SHA512 257423af2adbe9af33bef18ce9fb997646366297ab4b9ea31f953b5db42539b6bb1eec854f3a7a5d9f2f22edac6443c126803a0a8de200d304e4cca92b09d30e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 39001fef747f060729a064073820fa85
SHA1 69b527f3f75e02823d8d26c656b948aee5e24878
SHA256 0293c9178ff646e2bc0923f6e3fd7f91001ebccf7dbb593d05ce6f1315f92fb9
SHA512 c6ec2967f065db03870a2a06759896bcaaa5b3961861be0e91cf672b1d26d5c9cc184f3cfa4a9d75ba30f27f4d0ca5ac603fb78bffecf6d3f1edee29dce4badf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 8538b416501aa5179aca045c4603af11
SHA1 ba4f41ac842cbe8df729a5f29d95b75281cfd2dd
SHA256 77a3df03dd86fea2e58773c405255f8b9958e14341f2c61036bcc90873c37b5a
SHA512 0180ed8ffcadce11e6947b71a18a5ce5aa5cdc24951f53e15875466802351467d1abc72ae5cebbc4a7349a310e07c99030b20dbe47950d2cb32bb74bc078ee68

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A7LBWGDD.cookie

MD5 191fc7056c728662e9f3b931ce622762
SHA1 9a4fc2263b4665cd4eef9adf3f4842000238dede
SHA256 cc37cc48539c5c788bf35e30b6aee3dc938f4c429c210eed946753a258517fdf
SHA512 bbc2251a4c61ac4efaec188e679419481ec2b8265f15895a6de5ca373d1ea89ea460af3b1b72d1f4c529c657e6d70c625122e63f9e05469d70f200671a70a011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 93e4fbe63a4869fbbee38926269d504d
SHA1 ea8fcaf353b2a31a608dcbf0dcc43f5ac19a383b
SHA256 e314bf24b0e2efe84515fbef64f19a59b9a8f08bb1d1b28c5d7c02f9702c38cd
SHA512 2e8f8b376baf538b2c5f808fa6719f0a6d1e803664ba040fc86d4dbe21e5cba2d71983ea9e65f75bcb33ac0f68f32ef8ae171b64d4457b7a0e9f4ec70263523e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_5652_WCKIGUJDZVSLHEPV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\db\data.safe.bin

MD5 24775acfbfdeabfe3016c76dc66e91bc
SHA1 2beb190126de3223530d31359c413361b989a7dd
SHA256 968406b9884921f23e8ead144931290b73f9a50bb520a89d2d8fe12937be439c
SHA512 d0b22be9f49d066051db8200b44a426e7953b32e6beb87ebd446d1b940f110e22c2928bd45f68d839a5a30eac17e885dfdf032fc26fa95a8d3fd676bab7db662

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5207dfb348b48ab6767992d5c283d583
SHA1 57e1531aeafb5a61c42efedb3a4f75277ec3d206
SHA256 ebd771ca08e48a125502137d497ecdb62702318cc9de68c06c0c097a9f08bf8b
SHA512 966db44246f1d559c1f5164c006e67e0a347eaa427101cef68d750a3671f738cb52ded5134e2b1a2a15e45c3ec92d6e89c6bb21a2a8fc48bab85c65f7dc7c054

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c159a349-4790-4dab-ac0f-164b48dd36e4.tmp

MD5 2dc474630cf0f53f40bf00f3124aa37a
SHA1 ea70ad6ab93fffdf481d4499e2860c597090affa
SHA256 19d79b5a4fcf2271ab68e07baea550777378b07d73b02b8f2844e999d868c994
SHA512 75d50fe68871782178c981846b97c26a89cee9bef38b4356b98e058160c4b9f37c2196231b0fbca33a8b3643ce38dcf1590ce94c132bcf851f3973e7f27e7c94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\758c0f00-1e42-40ef-b04c-ddb236296af7

MD5 d76a169d6d96b662548debba398d7770
SHA1 121d6f523e2f96d88c6fb9c494f268dfa8372fa1
SHA256 4d7583f4562e79ba62ff77add8118c826c8f039723ea12194e7f0431dfc4e78b
SHA512 32a82488c64eacb74de404ec63c5032962de3406e983e62df8e3c57866468b77c62335f568987a902b693b69183e7c97a62389b759e56032099651ac5cd7662c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\93b98d7a-f18e-4acf-8520-2e09a0f2d4db

MD5 a79ab3aabe2f15f74aa14069f9096bca
SHA1 10a041afa33cbcf9d503814edd3ed11e0b93e638
SHA256 73ab482209be9946be916e03f76cdf45cc7e0971797404c187325f9ceb40c35f
SHA512 7867e1283d187c94d8314553c2370dc6a860f7b2ac05f3c0e7aeeb9ba7c6e995f96eba8f8db44e0561b8a4a9345b2898dcd0222ff2492e95ef458e2dc0acd850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 c9a994ef58c295f0a0212db61068f308
SHA1 b98d4a1e9d33c4983ef93dab598e924f95ed7468
SHA256 45f886cf68ff0c9883ec72bb42991db874d48fffdaf100e26d821fa9e92bbba3
SHA512 e1f07b532a4cef206a27cfebd712d85ccb2ed47c49b6174466f129857e29f5d54796091e94dca417aacdf9fb9758e1d36cfb7d357ac00bdd1619e0e0fe8112ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

MD5 846521436f8e50f77a42e334a093ece4
SHA1 1ff4e5f6191f0f19645f13c2a97712a2e8704587
SHA256 790c93d53815c64fb09b9dc6a3782ed9c22c433c109bda07eab443c01df01173
SHA512 4f5615fbafbec28da0c6b10beb7637df0d1b288a2c7380ddf0831a26118d7fe4d5a817effcf42309ffe96dfede8c314727f8782f1a5f3ef403a1b6ad67a0de12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

MD5 a93eb2d96ebfed15aba50970819eb9e9
SHA1 b2829f980e013001bd07fdaae2fc0aac653b1aed
SHA256 08fdaa9f009b9919804dc0170ca4ea2e366ec8258938e4c22f1dba777adbb6f3
SHA512 d96c76655685cd01aebd7340fa15616282b5ac4db68c4a5e6881599b953504c8c7e8da250af70de55ee04c0488e6fe88f5739e75b0f745b487f4f429d5692172

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b916db9c15a9fa0670e57dbc56473028
SHA1 c49e2ad31882ddd3e6f8fd456191e0a96b240aa6
SHA256 c3ef98ec4661d7e87d49d9f0032f540c29f3cdad1ba9578266b1f0ab8d01d80f
SHA512 bd5c57be1312afa3388b5eaaab758e640baaf83ad044a96cf0a89a8778ab2a1e771d0edae05b4e529b236e1f92a23a6b4e8b98b78bae1fccfd485749d442282d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580143.TMP

MD5 a3c977181cb056ccd42d7e5d7c707ce0
SHA1 d425aba9c52b4ab96ed48b24b099af808188840d
SHA256 8b1e748f006171afe504a3687023806969f466b7555214ce79687eea810acef1
SHA512 11031f175210b4a5467d259ae8a00a2760232e1fb0552fe0da53d638130ab093288e13dbc304b19c7d1ce86dca9f71db4e20941ecfafd5c292f6848c1a814f26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 97fe34cb1b0c937af9566c0d95c86983
SHA1 d0c3c73413feb3da4ede72d263071ee2d94f692c
SHA256 f81b1f244dc4f63bb1252c40935b32712a5971df4ca3d8f353a8eadb71053165
SHA512 554b02fc30d805a4f40776074059d13c05e7b7ad737d64becd798d4262dab437daa5812ffc221c762ce4a07c1372c4538933bf029a29113311bc8b317dfff693

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e21921d2de6e6b999cb7903b865ed702
SHA1 8955b7beae225f3bac33e21e59b82636aa7cd1a4
SHA256 36dfcb78b05a25fcc17c723e1213f1eec624fb525618949a2f039fa370c4c1f9
SHA512 6ffbe9ecad7b089c8b8de2f1d3ea3261579c1a553bcbf3d8113d65a4d43b79cbed360e2d4751d8a6db9a205261dff9e86b4c061c331e430d72d768be85881f0e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 7d2b53d16a81c4086b9a44eb0818546d
SHA1 322ba04b7e6a90a6465ba3898773acb69cc649b6
SHA256 9f9957ebfd559915b70ce63b7ce0b5b850e6bbe62b248e7ae6b098afcce98488
SHA512 4cfdb3e4369608df6ea920abfc9bf6f42c8d01bb08ecb55455262a418dce64bd28575e4f4363f3d3114b5f6185d36978767ef75eb51859f8dccd051560f9ee5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 64dc6bf837315a45892972d5647a7311
SHA1 8a534c1b01aaeb5d61b62bb2e4004d3d1fd82806
SHA256 38acf0a95dc22d1ada52e6526f5e7989747930bdc321076e88c681b30746660c
SHA512 2a24bbb9d03578bc37a4eed64a2a6e035d0e0bb28c691511d039e242cb40eb2cb8293e9746f14141a6f21c011e4f1ec2bf70a72f8d01cdf234b577064bb98642

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 33c75310ef142a3b29072652b1a97a9a
SHA1 b1c89f62454d85a452928dfabd5be4be0cc90d7f
SHA256 094dc4ef3040a32ddeaf1a2ee10bc09dca43f13fc383b21b2882f4698fecce95
SHA512 7d70c9e96635db47f7ffce90de82d5ef63fa0ccf916659a24ac3e2b58d66ed7c0bf9107237bf1cfb63ae0e444317b94ebb57eac487081aa6e36bb3f1da049b84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 383c6de87b1a49aad7a195d02ba555cc
SHA1 51e2beb10930a2f211229ac07f57b32011758b65
SHA256 0ea99016ca2a820f9d338213d33bde4376b1f3b88d49a9d33bd27ae6b63a2a8e
SHA512 09f4f0f25fa1508fb865824c367e8e4f2ba54572160f1ad8b2370c294918fab1bcfb34f08467564d939722681578f13d020dffc1d86c367f5e50ab5725b6625c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 91cd1b9178e69bf5e158465928c38b64
SHA1 15ae2e4d7a18a2b5ef69443325ed5cc7915c7a28
SHA256 bef59fcc7cc092364ba64da14ac62d8d493c0983be2285ae278e758308617a36
SHA512 ee88d2514424615eae556ba551339b7778bd50e0e12ef4a8ffdc479a360b72007aad4e900b6794e5435f8d5548f3fbc19f8b9a66c133f3246f70e7804b29b9c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 3fa057a53f831ad6f787c01bdde50221
SHA1 a1fcdbaedf935bca14b366514cf7fee3e3f175a2
SHA256 efef42a7e15c6cdba8a3e03452281dbe161deb054dc90858abd0e54cc18c34b3
SHA512 6b2620574a789ad95a4e63ecdf3f76d84fd153cb664b8ac844054531b408d2d96785738efd74c1d761d5c10ced1be9ea4e9c1d019f18e2d991dcd54095cba635

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 e1cef60dbd744768d0bb35b469ae17b7
SHA1 f58108a5719f8dd7b6459290f4ec156f4841f4b1
SHA256 b061a2596b234a39e34d8c82da304accadb9dc31c113a54b747fa85ad44ff004
SHA512 8bad36275c1881eaff3842d10808bf909a9c702a2c234aee5e4b484945dc3523947584722ae2e45c28f6bd1e7f0dd5b114bebdb099d1f76bf28519215dbef12f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6OMHFB77\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 00af9586e0d13048da88abcfcc3091a3
SHA1 2f1b98e532a7fdea1aae9f015409fa4a62cca4c4
SHA256 babbb0340a5978b0c9688f083c8761a887a111183789d1104baf5792d42b655c
SHA512 a746f301782237b0632e816088ffcca9ee4525c42d57aeeca5124f43ced64d35766c5cd160a78b0070298ca7056622c7b6e7fd2a6f0456cacf8c866218bc0bb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\cache\morgue\236\{0c7bf986-0b88-47e2-a5fa-4dabd50818ec}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5b25e087da9eb1bcc1e4646d074dffe
SHA1 bd70ae17af0b846ffd916835bd47a7d1778728ee
SHA256 acb733b578034493bc0fb19329c111dc6a9cfc32cff80bf623cbd5454d901a60
SHA512 5e155f38450d452fb16ff5575ba7fdf1baf8d303f32a8698273950667c91d98a1ad9d009ed100412ad6fad36640e25ae3d650b6c75772e359f18252673fbb957

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\idb\786246857yCt7-%iCt7-%rbe1sep9o.sqlite

MD5 cf0dd162d071e5eaef2345d1ad99e1a1
SHA1 1babb8424a511f9d6d0713467c60d4276888da1a
SHA256 b9e6296d6f4cfe67f75568ca058a3ae7e40d3e4674004863b4409c26294c1e88
SHA512 3c5964da08782dfa2a19edce9a63f5de62a74602e94990d9bcc29c3fd0fedd75e07597012fdb12b4cdb20263b7c635537fe33724112684b08dc3ce8c4f0163b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 624187d4b13b38b25ee52a2d7acb1f0b
SHA1 861e1ea9adf9e4c85b9a7d3c35d035573daf0dfd
SHA256 609329aa5ea4d3f4e8561e933d9fecbbf3a94c687a1b31bbc9394d307d8303a3
SHA512 9e25360bf7c0da5aff1e2b56d3debc41e10bcd86f25ad0d7b9aa4f434e8b048829b5cc2e259ee51d97f2a17e1e9ea1e414522cfd9b3659ed5e43a7b6a58a17ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585290.TMP

MD5 0812a0cd9b1d327b35c9f7df64508d6d
SHA1 346bc5a4da930335c481b2bc83d93901e8119d66
SHA256 2c6b026ecd452b1af9d6bf70b23f7bcc06a3d9c5803be737d19a312abdad6b92
SHA512 4938a026dabd1becf8b6ba3aacaac9bee4e7fe4ce5f5b6971cce20352a4ab4fde4a402cd933e4c3cd2497daac75cbd4cd1be9849c64d764ad9b5b9a67d004641

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

MD5 29787a8434a73db0d1f176645c63ae2c
SHA1 38e85445f86b553a629ee357e940df467b322932
SHA256 de3b81425847ec9911765a792e62306d8eb80644dc8fa60982460a9bb4d91d84
SHA512 4ffb4be8ac03eea7f19c6a91785aab06954c1fbade08f4397a1e1ec89f0a0732209d3da73fd74bfafac7dd5972bb17c6c84706d6d9452db3d6463cd6304ab462

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 13bfddb150ce5fbd11b393fe7d042329
SHA1 dcf4fac4a3d0568e04931fd0e6ec692cce69e8df
SHA256 2fe44b110eea25624938a038be119e19e21738636d8777a97bd95d15d5f1c378
SHA512 92864f61029ac176a41282c5b8abc4a1d3807a5fb03d17642d03d0b35adb5003fd0e452c907227a272e6134f09e845af007e18279449ef92b2de457dd5266761

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index~RFe587cad.TMP

MD5 44230a7fdf37f52dbff2ca87035e448f
SHA1 25f4b9d3b73f5d4c9f44e52c5be8f38c7140e27d
SHA256 d2f7b9dbb2a9cee23e574a8dfb90fc5dd600b9eee529a9f4f74c7b0c3cb479d5
SHA512 2ee20a520fa5ee790724693339d99fda72863a366eee439bb7c25eb280fc36471c062798eaf2440d90de5bb5b6e5c8f179c6eefc72277637e0f0b1d48339499d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index

MD5 81df5e367a46f1fa175cd0dbc281f520
SHA1 79117a7eea6dba23dd4c813716ffd14b5412a5f7
SHA256 878357c9049475e9f7400b8bfbe8a1a6329a749aa13c5d3b7e81002afe806f22
SHA512 325ebd6fc9e4aa9893eb29746c2842c1a033faef8737dee3d05f85c6ce64a327e41bafff701aa1645b7b6b9e609016a52ddc26117ea36ec69865df35da6567e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9255e5051bae55927276af3aba21cabd
SHA1 502d46ba53e067c6f584f09cbe27460189aa5efe
SHA256 54da3680067e8fe12baa41f250d479fae5f5c75963ad0e0ed20ab048da185776
SHA512 0097b61b073682b806ffeae67c57ba743bae3c1f55736df068a33488f87dfa77fbff979281081c0e0bc9d0341f9684202b85c65dcb28f9910ab93c915f187b04

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

MD5 3b296769c1fe72dd8a320b550f847acf
SHA1 9c74aa72b988f8b5af5ba07fa185f61b4baf1b4a
SHA256 fbcfd2749b9fafb9c1fab2926e7d6cf0dcae0ef1ff411e404177fa1bd8ad8795
SHA512 dcba9b8602e40d664cc5d6b09eb0d8bb99eb3461ea14baa67e57a8c57c88b04aa0855cd3aa793f31b0a57aea2a4bcaccb6d22e6902b40653d8b9991dc5813e84

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VCHQP890\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 afdf8c1034f89276fe9202523f565ef2
SHA1 d736a53e22cd9dbf26c07b68aca76d473c3cc74e
SHA256 7c40ecf4b688b1649a16d24055c71cb1f8611da5ad272aeaa396ee2c91867d90
SHA512 056ca3579b2c4d5261136285bd1a9a4a3a13db5b94fa10617bce03f0bfa21124408ba7d5108b32b2baeba861707596d0bba2ab8694dcb2dace2e63696ea89a02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 dfd39d9844289af83fcc322bf25a8ba9
SHA1 ec9b494a88e5af853e7ff209191774ca33e1b477
SHA256 be3289ed5183aec3822480b01c11a4281b24c623189f86654839c8233dea6d35
SHA512 1a15d2af3bfbe71424ffb449aad9d80097f3bf78ede6746bd48e185ba9e50a2b7ebea36a67c39a80d198f2ba39f0d142379ba5ba8e4af8b537e8cfd696ed0dba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\cache\morgue\47\{ff96b5c9-f100-4e63-873c-52bcf931442f}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\cache\morgue\48\{fb44c63f-ad59-458d-bbca-142b5d726b30}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{f70749f2-aea1-4aad-a2b7-46243aceb29f}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3cfd3acd0049da4973a5e4181c0df397
SHA1 d8befc13d450ff0cc57c3d74e301eecc953251b3
SHA256 42e8e4a9fc5a68125d1a3d6c842bb5ea6a441649f81210ecdad93588bf3f8b9d
SHA512 7f2de007f0d67b9de70d54c4b863fdc324960e3c0da33bd1b24647fcaa8acb0d5f5518a33946bae917ec2d4c05089041cdfbde8ec399ad7dbc70fc956c9783f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 547890aac56011686c1991044a8c8683
SHA1 f1b5de6e884f5b232005afdfdcc2a54512997bdd
SHA256 8331095e370446b6b5b29a678490897b381b8db901387cc5f228541d01c30e4a
SHA512 184516e8b88dcb2f40cb50029dc76d6e2f96878dbdda595506ce2a01cdd19b75dab45a21254eae7a19287b12fe0206121950479bbe5763e756075ac7f2799bfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f202f40d1c31a64bf998adf32f484ee0
SHA1 6cc24c145b7576a6ae4745df19c74d223d59f1c3
SHA256 200b3d01e8f94e70a1995fd8dc6f3d3f8c44bdbb89e5056ee989b232d9feee0b
SHA512 7040493c54645a1d22e59838ec30c0a0267b05cacdf95e3410e89b353b6ec93cd10ad1b58f7bf4941e0605dd18f67cd40edf671d3b6412717be185b085ca66ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7c58530433c9ec56fa049867c710f098
SHA1 3e09eb800614c8b59451e54385e15c43cefd7bae
SHA256 bebb18e3149a0c5a5d1621b33f042e349cec846c12dce3d4cbe743875c19303c
SHA512 a3398c5730f493d715bfc351de325c169a2e411f7fe2f2e082df59509ce9f679cde8eebd064bebe57102f6b75d909879eee2388a3c39e9a8ddefd4915783f03a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07469066b356340f4104de5d9d1a3775
SHA1 c0b395217117e011d0461bc4871bc7a72d7be243
SHA256 04e20db5dd4537efdd988e8db419b7e552178e127395fa8efef2efe78cd47f39
SHA512 a0c35577132c92027d9d5a45eadd07b0bf44fa69ff0a492b24b783cc789352b3e53170b912db4d0278bc2f4197cfb26e8d11d7779bf0f2cbfca5bf438c353f98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 20ace756053e44618e4889e47bff5cba
SHA1 cb06b8732db9c62ea7723f88773f24be2d40aa29
SHA256 86ddd779cddab2cccc17db0ae03f1b0caa7fe526f56cdd7767bf24cf0c7464d9
SHA512 2b59cb10d25442e010cd9cadecddebddd7a1f3cb4b04a01922dc40bf537905e7a8d06d333adbace0d2fb61a27fec11c12ada1d700cb2c3a8df62b0a1a958b320

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d86c55e0797ca8a7985aecfa183d0f3
SHA1 9c84198fa287dc60c5a9aa8b6676d4bf0a5ddcd3
SHA256 8b0e9b7b0dce10526916f4d0a07e05558d80da7643195f81c14a4ac127559323
SHA512 46563bc4568f260ba07bfd5fee75ab730738b54e45bcb11363e2a7dcc0ad9faaa74e54e88a7e5d684a630ff982cfc72e090a0644469cdc0090ab819b62b3f9e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index

MD5 422966d7c9f0a07e74f4d1b80555c8b5
SHA1 7458d75360a8dbe49761ea9b3b2aa76770ee5410
SHA256 e8628fd4c136e3bea291a710009008989ae203d50ace094b71eff7ee992e1a05
SHA512 a28465bef9c11e33727c0104fc11741678d1cf4a0780a7bf6594f80dc0ec93834a2df2ecd1fc2b7d33c14d865a7c74cee848fb4bbc32888a20f7c0987dbcb400

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ce4568709ee26b19f804c37d7f136871
SHA1 dda3c202b14fec425262c26f0dd9de9681a9d7ab
SHA256 fd1768b4ce1769ae8dbe2694576a6dd533f8540fc5a7f9b3f927622d1e36be34
SHA512 62d003a9e8b6c9eaea58b9f4462076e3a488f0f65262f0026cc74dec6acd496f3812462deb40b9cb69c9f24c1f76135e76fc3f3878fdc479105702f2eddfcd5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ff8124589945646cc825a31755f8b145
SHA1 5bff00290b2c44307ec3138afe4cfd58fcbd720a
SHA256 c7ea877577810481671623cbd0a41b96fa5992f8af4336747e65e0110ec67004
SHA512 02aaf099a5f04c115af0daea8ae32cc2760331b69f536e5b4ed465e3015e5824e72269e0a679f88da148ce5e5d8a3f9ae5c00168df5dbcb86b72fb5882b2bf59

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 338dba62677d4ec5916271c2bdc4b671
SHA1 14c4b1436d5ad12281f21a6a40cce40634b5eaf2
SHA256 75a1385be00c38f0430675096ab556584757bc062dda53bca653271b1022b595
SHA512 be062228bb1e2beff947cc5d5ae8e2829cb0dbcc9d67e481295b03f7760da9f501f12b0d9a4e0e761395ba96134fd31c99068851d4cc39309921192b9cd2f265

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2b6d34d9ac4cf1a9d06bd17ff254c3db
SHA1 39248f4bd8f36f6cb305e0287a9da9bbe5b6cfdb
SHA256 92451adadcc01c0719d6d560a218de0ca48277e0532c271d43c7b38f613bbbd3
SHA512 7feda40212b5f6742baf1b9d7a1b38a2ed951868671125812c36a680ec5bd89052cc6e04aba2c8f3512463ae3eb906a95faacc459b59d4fc8a3213f339091c4e

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-07 07:42

Reported

2024-02-07 07:47

Platform

win7-20231215-en

Max time kernel

57s

Max time network

293s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66A3FAE1-C58C-11EE-92E9-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{669F1111-C58C-11EE-92E9-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000a54976f85172ab3d1f3e06fee2117e669b77d2a10f784a79bc8d0c981961e324000000000e8000000002000020000000d928664916022d3182363e3c67958de76e4f0c2800bca16c918d5d9aa384f5eb2000000050ded67c6291c4940d27341563fa8490457a342376bd7b584167d17138c3f7af40000000bcbcd74f7198bfca9728858c9fe53bcfbc60c7c16ad6b02a265393e646ded1e43ce27b466bd2343b9529f3a8a907a3bf21dc225af579bfe2df00bfe23d0a25a7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 816 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 816 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1340 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1340 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1340 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1340 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2272 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2272 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2272 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2272 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 280 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 280 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 280 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 280 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2120 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2120 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2120 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2120 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 816 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2724 wrote to memory of 776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2724 wrote to memory of 776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2724 wrote to memory of 776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 816 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 816 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1064 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1064 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1748 wrote to memory of 1852 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1748 wrote to memory of 1852 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1748 wrote to memory of 1852 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:280 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ab9758,0x7fef5ab9768,0x7fef5ab9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5ab9758,0x7fef5ab9768,0x7fef5ab9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5ab9758,0x7fef5ab9768,0x7fef5ab9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1296,i,139791803592644533,17909344240681432544,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2732 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1296,i,139791803592644533,17909344240681432544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2908 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1380,i,2692513534013854246,9684496846531078744,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1380,i,2692513534013854246,9684496846531078744,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.0.15163443\685874943" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1136 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5e16dad-35c5-49ce-bb90-034832b192bb} 752 "\\.\pipe\gecko-crash-server-pipe.752" 1344 101d8a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.1.895238954\76069218" -parentBuildID 20221007134813 -prefsHandle 1548 -prefMapHandle 1544 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e75e2b7-42c3-4b14-9ea1-9b7cbb042700} 752 "\\.\pipe\gecko-crash-server-pipe.752" 1576 f046958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.2.2035008449\1539515136" -childID 1 -isForBrowser -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3701e00-95a8-4c87-8d45-21ce5a9867cc} 752 "\\.\pipe\gecko-crash-server-pipe.752" 2400 199b1758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.3.450891515\211164820" -childID 2 -isForBrowser -prefsHandle 2796 -prefMapHandle 784 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d97cde-5f4b-4842-93a9-1298fbe04f95} 752 "\\.\pipe\gecko-crash-server-pipe.752" 2808 d68158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3808 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.5.433566505\634530549" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3d5ba1-ae3a-4ef2-806d-f01d1b060610} 752 "\\.\pipe\gecko-crash-server-pipe.752" 3836 1f8bed58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.6.1527710810\440804096" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1036b23-4358-4356-8d13-a7f698c05edb} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4000 1f8bf658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.4.585016747\1010528753" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a431a1-dae8-47f9-a64c-2583bc5d7d13} 752 "\\.\pipe\gecko-crash-server-pipe.752" 3740 1f8bff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.7.1815647003\543050920" -childID 6 -isForBrowser -prefsHandle 3724 -prefMapHandle 3760 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {795c4435-ca67-446f-9587-055ca9b0e7bd} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4000 2088a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.8.550226171\116218225" -childID 7 -isForBrowser -prefsHandle 4036 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0275e36c-6191-4936-a8de-49b8b8f19681} 752 "\\.\pipe\gecko-crash-server-pipe.752" 3724 2098d258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1116 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.9.2063316268\672413013" -childID 8 -isForBrowser -prefsHandle 4440 -prefMapHandle 4444 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6c5cc8d-a80f-4533-9f9e-faabb6f56a9c} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4428 2098d858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2312 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2852 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.10.862742983\384605944" -parentBuildID 20221007134813 -prefsHandle 4800 -prefMapHandle 4764 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {778151ba-c480-479d-8e9a-97fb4e893da1} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4808 20e8a658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.11.194145458\371805747" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3180 -prefMapHandle 2944 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fcf5497-59ac-4804-a373-0605b6345233} 752 "\\.\pipe\gecko-crash-server-pipe.752" 2808 1f581e58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.12.948296132\740671219" -childID 9 -isForBrowser -prefsHandle 5048 -prefMapHandle 5004 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {440ddb85-9bcc-426c-bc0d-8facfdee6b22} 752 "\\.\pipe\gecko-crash-server-pipe.752" 5060 1e9e0158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1364,i,17232203247669858656,13841077234541451099,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 example.org udp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.214.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
N/A 127.0.0.1:50131 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 157.240.214.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 rr5---sn-q4fl6ndl.googlevideo.com udp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-q4fl6ndl.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-q4fl6ndl.googlevideo.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 rr5---sn-q4fl6ndl.googlevideo.com udp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 8.8.8.8:53 rr5---sn-q4fl6ndl.googlevideo.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rr5---sn-q4fl6ndl.googlevideo.com udp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 youtube.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 172.217.16.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 172.217.16.238:443 youtube.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
N/A 127.0.0.1:50220 tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.238:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp

Files

memory/816-0-0x0000000000B20000-0x0000000000B21000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66A17271-C58C-11EE-92E9-F6BE0C79E4FA}.dat

MD5 f44ff11ed7925b1ae84abacbaecedf8a
SHA1 64ed2e7522e22fc7e3b9c20de80cbfc5b6901611
SHA256 8f56b016edc35b43b3888b683da898ae8f3806700a441e28a42a544f2e9f8b64
SHA512 ae7aa16fd0ddaaab97b69bb896a79f0438328d99747aa9a7fa0cea72b0ef1c12ebc6c2eabc7547640400d10168c76ed502f13fa586dead71fdc91849a73f72ee

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66A3D3D1-C58C-11EE-92E9-F6BE0C79E4FA}.dat

MD5 088959f73edc6ebb7c3b2bdf8790405b
SHA1 2f7f26cb4f62ba2a98f611a8dbd77ac5bd5c95d7
SHA256 d3bf6fff4f2a667697796b962c0fe7f039fec837bdb252bd6dcab0c7ba63e320
SHA512 37558dddc84b13666f11dbc2eb1b7de8c801db81312b87b8f50987ed03e5bc9ee70e98f14ca6e01486c5e21ac8a0ede670448fbb85ca70c3a3e71fbfcd7f3120

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66A17271-C58C-11EE-92E9-F6BE0C79E4FA}.dat

MD5 43737b367262c0297097b5a1575ba3d9
SHA1 da0419991e8438aa485078e421613143dd6125a2
SHA256 85ddf5b72b16c4cbe52e7f701c4f8c2a2c754443b7c37f2a7a96ab8f48e0b073
SHA512 1f7e7b60ba3094e01fa069a3d871ee9d9cca9228a5b3e345248a942eb146e55c783741cf90bfe9bd2729ac80a88dff464a4b76ee7ba784e37f4e7524530285b4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66A3D3D1-C58C-11EE-92E9-F6BE0C79E4FA}.dat

MD5 8a5f0cc3cd28338900e762f20cf1b10a
SHA1 7308eaa1314a82466b271fd6f04e07910bdae55d
SHA256 a9fb0d96255cf18f40561d3a5f594842d258b139e2e28eaf86988d93d12eaa62
SHA512 b11d1611bf0a26ee5102b4a21d800a5056c6da004171358a9408909a63f8fbf4f9767e2b833f7a808be23b9b240e300fd926830288e96a16414ebe0aefaa586f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9edc9dbd695f7f89eeb742eaa2082b1b
SHA1 bfcb2d7448860bbe7a0c68aaa571f1ef118776fb
SHA256 3f3aafe22b8c300b50b75963e12f9fa143f6f116dbbdac91e07373940ef9b04d
SHA512 bac53bac90a4cdb671747825143aa57afd876e7f3aa974a483bd9181be46c3403ee703d0b7796a403057f6036219c8a060c45b2614c8bbad60d290f38cc2ddee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7f4af2405aff3d0a84677da6112fd6e1
SHA1 7bd089299f58130df6a005086beae1b3c9226504
SHA256 ffbfebf9fa8d2dd3623557f872d0879054e1cfc733c562b15805aeee1cbc45b2
SHA512 6dec95444331c43ad02ba64bc3e3aae12c3e72929b65a41955bbce973597e13c01cb6f063a45f29e598740d901190e7bc5f8d832ac0c3f1bf00185e1428c7b1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3846f336be9981a7310cb18339385a48
SHA1 a493823163a1351a8e230b33d98e52d9836c4faf
SHA256 b207cb674fea5b7970688d1d80c23e5ee363630a54e3466e145eaa4d7cb37489
SHA512 3abe093c21355e927eb4c4f0c77ee437ca15c2e99a40a284a10353641957d22bb35a67f20a4f3c9ac486b6553ccf03d4781c1844d551f513ae471435824b2474

C:\Users\Admin\AppData\Local\Temp\Cab591A.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 67df65701721b278f10b13aab9984bb8
SHA1 bb0b1f5f8716582f9fce9d19b776794be8c13c91
SHA256 ce820d4eabe314621578ca75d6ac81cac04fb81c24c6fef947b23d81dacfe981
SHA512 1ebb266a2aa5c76b0d7d891d14131aa2f49d6b9a199adfbcc9472b9a8002c0b5b3241d317d1640938aff1152b2d429303bcdc081a634201ba2ae84d121a1b7c4

C:\Users\Admin\AppData\Local\Temp\Tar59E4.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02b9336923c8e9e93e0c1c252e8f3df6
SHA1 98f9b63a81b82d6b3d5ba91b1ca550c9ddd92125
SHA256 1fe9f41bc393f8335366708d8bf391bc815eb98ee53f2c83d11bfa46b045e5d2
SHA512 c6bbd4155793314f72bd684f6c041d24902cd3ec9cc076283216ad939cc485d5da2efad0c19112f1d7318d076fb0bbad12a1be27cdb79607d2de26c960520fd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ed536952497c53971620352de29a253
SHA1 13b8f54d659c5e171852ba69a8c9134df1ca89d6
SHA256 6f66f1ede3c18f05e713b5a9d53713262c906a546afa877eaebeff27a047b76b
SHA512 465b93bb68a2c3d52dfe9f4b2158a39ba966a8ad7a569f665857b2d3ccc5f572397bff7d8dd87653e5fb67bb677bbdb9ac9e031601678b4aa6e4babba738f807

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 d8570c145b056a3551a4b3554cf433a5
SHA1 cdd9856e5201ec59039af9c79b49f441c643c657
SHA256 f8fd69ca960d585a0e2e669a8a28f6eccc5161c69fc18e3de5d49c4818236edf
SHA512 bdb2b3e66a4e678edd5993191add553aaf151c44b9d873c9ab6571e672558ec342aee3b2c40e6c1fc8e02d5f0c076c807c5ecd7abed27966c51acf716eddfba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 a2a4d4115f197a39fa1f8fb7b45ca3a9
SHA1 6c2ae448e5b0db9e97240186b9521959c01f8ebf
SHA256 af2ed48dcf4d5792a88cd6c0db0a5b98c12fe5d987e7a5a76c241dd02ca57ee0
SHA512 99e70c3e0e9580e811b36d469498f2f99a04ecab3cbb88ea7a7c53f77133e8ee4a3197f071cf4493e25d03c51cc54b4919870ee56c07d3c61f182adfc97164a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 089d553fb0220a27fbb0063c44e1a11c
SHA1 2e9a8492c322b976ff0805868d29dbf7956bed09
SHA256 7242451498adeeb8facc34945043f868e9087ac0a9bfb9a87a3a7d9f5c5abd0a
SHA512 13973f6f059026174039b26262d8b0153b5875e1ef4ce3e5c32f4f7b516ce11e91bd8fe8b793d359d5adf6de972bf7864d51e52960953be56a68ca3b99cae60d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\favicon[1].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 d5faf283c08c20d6a8d2aeb48f7dd133
SHA1 d039d28d0ba46729311a14833e16bab6a2702c7c
SHA256 9f64e11aa2f6381c89e27e5a8a12bf94f2d24779e2df8f98262f2395463c427b
SHA512 568946cef41fc9ee05bcd637acdcfe9d0e22224ce6a68d15ead7db4a2e2ae776f88aa702e49a760ed52f02afb02ad1f14e7a0fa9436c628e0c655d768f33aa90

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HKRFUIUZ.txt

MD5 f29b368ff32371596e54eae97613ddd4
SHA1 8c154634bcb8f7c0f5cf7fa6020039fb4cac136c
SHA256 7f96926744255b86ca50c502a6a48e2d385f7f506888aa738e1d8142744b332a
SHA512 87eedfba21bb01dc72a8f6bcd35a3343b40e617cd02628a099520b1cf7de2a90e53b45430e22b0dbcc5e9f9da8d3e6dd3e681588669a7a14fff53d786d59840a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 1ecca17f68896e8c6f074afb7eda34db
SHA1 68045e0cc3bcc9396af80c8e9a6f262c86872005
SHA256 9104584fef31b67ca60a34b70636e973dcfcfdcfd6d9aa88b7ff782705d6b8e4
SHA512 8826a1ba6b66494d3df647a20e92176752c2ce185d5c716eaf13a06de0ab7a496dcd3c2bcf7b51b8f1b166472b023b21eccd9569583dbee73535ff6ab9fb9616

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 e7632ffc136c2c9a3e20819ab325d8a7
SHA1 3deeaca414d6ac0a9e3825d391dfb6e3d4525393
SHA256 1225eac2e767f642b0b23909bfca6073f08cc3e7ddbaaab2797382153d7da852
SHA512 d63b606a7ea02670cdede526768929b80fe2eb580ff1d43acd09a3c7bb1b5ff9d06ccdc31a6a61ea218aeccb8bb8d78fc8d0211b1e1e182c2055acd245496cee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 c68e00dd7c2d61bfce66c2167dd3c833
SHA1 d6065cb16a46b8d934409df70dbc215b36d90aa5
SHA256 9d1dec8140d0bb796222bd8cf062b071ea3236f4bd07c0f50ac311367b9aceb3
SHA512 8315a81fc21947d134a4513d2c3cc674bb2b222c6effc0e8aa3f569eb6d78befa4424fd72e28ae601291a5747c7831b437d0548e4ea81b1a96f31c097a695a42

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 eaacebf5ae948c8e0e091389e932b4ae
SHA1 8d2715bfa6a5aea3449e6db10bb26063884c10f8
SHA256 32773ab2f7129f81608d7758e8e1d8298183046535798340e937761b4ed7810c
SHA512 a6158ac44811521bbb6fff978eb2a5ea44bd303a21d31231741d1e6dfde0bff5c4cd09725c9cb1db981903ff80676918f466910e30450b66ada104ad1153c1c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1120f9decb17ec5b2c9c82c3ab6ba000
SHA1 df6e7a2c633b03b71617bcad7d8ca82dd7f8883b
SHA256 4777f9d518efdbc02b4cbe5f3f5652ea98ac730d489b97ab6b2f9da6e856d8c0
SHA512 008d6920feb20d41cc30babb906fd6cb27d65e20a87bb6272eb59a636f5d025dc8851d8c9ffb510e58387ccfbd49b37090374c856fea4a9ac67b751c40ce7153

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df3acc95add770538be99833e9f26595
SHA1 bf02a99c45a470df5180c40b1d234d4cd528937b
SHA256 4019eac136608c57e737aad991f966263986ba00660fc848c73b61daa8b64156
SHA512 672762804f2d469c9ba4312f3e0a4b5d70d1bcaf01093fefd2254859c9d5ab775f772b58801b435901eef845aabb5085e529ff6b8c67601f3cb13dbd9e43352a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51bfb380c4aaee23ba5f933aa64f7ad5
SHA1 ee776560961d1981fcaa73e5ce164d0e6ef58285
SHA256 56f1fced6eb02bcb9e398d6176fe1c56d4ade94c58da1927589ad7bbf8731678
SHA512 32646268e6c9ea8b036f4e615eea2650f01f6831fbcc96e1215a7b7a79b9b71a69d6b7b38af618c565a604e1681171a1fc8ae06eb763a4b05436819e21ed7792

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0c495fd6eca072bb8cf532e617b665e
SHA1 08b856946875fd2a10633d5fe2561af7c41f6272
SHA256 5e271ca70afc978aaf72d03b140d36352d0ad0d195c4b73c1d16a403548e79f5
SHA512 173249668fc6ea4d42ba392ce5854cc8de3649e299499b28e4757b37f2a7cc0487d48cb7f41a580cec105fa80abb1e046e82c9bf0701672cb5b87350e450e93e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9bc5a2b5bdf35283b9276f5b9aedba4
SHA1 1fa6f53f327c8420e1b5c28549bb8a1059e7f408
SHA256 7ccea46f2f4ee80d0d284491129e67d293683c6730f9e64888cde5f06450e03e
SHA512 76740be2b4c7d109e516573112c8af97913e8bfc004386139ae8d2da5f9cd31538aa0ccf2870b1db3b506df1836cc242c0944e736113367e6a5d9dcddf9118f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1b8b9863d6d56154307095f3f10ea26
SHA1 478e62cf5f347486ab42ab55c942a78c3fa868af
SHA256 abbe0a5c63024e2d58623957a43abd27a331c38947374d75834ba0bca4816131
SHA512 4d7ef229fe8c9180376b6257d5ba54c8fbd8dc22645b5f9f8edab938cb5304a93f2ec594912d6d61df70d2de97ad0c477b9337424058132af87bf0302e9f5461

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41d20965b9ffd182cc4e04fca2daec9c
SHA1 895a6f689e1d827c7752bb7e150b6da6b31d9748
SHA256 cf2bb7fdc446bb21392b2621566b7c5cc2956a23b44c0f03c4bccdd5c8d074b5
SHA512 9a4b21768c8fabe89787a90a914fdc193183a9d0ba0bf4730bd7ebfb0b69eee139eb8030619d27500064be78e10c54b2f32570f5b4418f966caa92896b0acc53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e79c1da5b84d34c4007354c9a5c88187
SHA1 23d888823adbba020f578b59e32e31ee3a179366
SHA256 4714f37a57c7e5ad4ba09fbf2720d3d6a8e78a5dbc57c948f8241dd9553bf93c
SHA512 d04f48641eb4036fe9a4920a44198d13feae199d66d098bb87568a9cb4c41b9a5be7604efbf6634a92c89d1133688dcace8fdfe8132c963a120dc6fe80b7d6b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0503f807e9c5442cbdd6b02056517f24
SHA1 ceebb65a4bbc52d84d5b43110e105ec0c1d119ec
SHA256 30e82fd741c522cfe523ea80cc3a541be6a3414b1466226226ef16549fe2f8d2
SHA512 3e9a18197a6786d15e38a8a937e1fde12831f92146f471ad1dbd154fdb3686766352aee48f02f1664cbc53277fd496048547a26f02a2345ccf4ae703c0fd106a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a93f7d1dc7cd3a01b5cbd7a54c16ac9a
SHA1 6c88b71a9a225cfd8e24258feb1e8d94b978af66
SHA256 0696061c5ac4fa40a2deea1d9f1b57fc52b4762a084bbe09b58bd1843d4d2951
SHA512 9f7a6b146ebb36590d8ee6acaf7bde1091b63d8091c1a0d4303fe8923d7923475495c85b4152de171a2cb4d3bdf85db59740d8e32aa4fc3fd27ea123d28b9381

memory/816-841-0x0000000000B20000-0x0000000000B21000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ff684cd3d1d94c2fb6b46100f307d8
SHA1 132f5fb5a6dcae572dbd0ff97eb367dbbb9c87b5
SHA256 c872f03f360cd719310fd2303105d47b8ab815561280819e5fd03241e8029959
SHA512 419b717a78bfa29fc5f8d45515e1c50cbb2afb8702b5b152c9833c63b25f951a70eb0f2c7b32d6ea1ca747175753e853d62629ef51eddf91ea59072f6e8a0cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_2724_OHCEALKEKBXQINEO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bcb2c897-e648-4b04-a50c-a3dc60a463a8.tmp

MD5 a66a63f2d6907eadb84e544ac0911cdd
SHA1 f8e626c187e636f7175ca948829569b4cbb3e9f2
SHA256 2163ccde5afe7e5479e34a422293f9bce9520608147ceb229c1ae6e1164a3ec2
SHA512 c51cd1cf1ea62ec8a458981b85112ee46c86406faf03c59d00f13d417269a6ab1af12b2fde0100fe0007a58d07ef46ae3d41ca61fb4d5a20952e8eac7bab3ce8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0ab1681a-65c1-45cd-97d3-98f7dc48c425.tmp

MD5 822e032899688bf6113799b09940218b
SHA1 05ab8a9c30bc7235d1e8283eccc8e4c55ef48c4d
SHA256 b4e77a860cef44c14136dd78af07388651ad9f3b45349e5a1af4f860a0b2e78c
SHA512 ce019f3dbbc52fc93a9d1ef596533a3faed9618fef3e18f4f86422b6760e7c4c1f53575c0c49d7262675bef5bfa1619cad291050b11edbf3e3234127ef3075de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_DEFE6B99A4F3DB39CF646AFC270A09C7

MD5 55e01414d80ecf6eece51ab44b12328f
SHA1 6355b24f1391674d2e5b7b661c90d43e15347c89
SHA256 8c0cd130e449c049237473eacc451fbb6f094ec6b4e9184ca5abfe3e7917b99c
SHA512 f7c4dd32c12699e5b1b67c1190e459fc2d8a90adfca7928e7f3fccf6d2f8c795cce74ca0cafd7cdc6ca316004d4a6dab84d0108124a4e308cd66d9ee3243e165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_DEFE6B99A4F3DB39CF646AFC270A09C7

MD5 581ece214bc0bbf76fd7f62e8f7b49ff
SHA1 3a15afba457338b7443e42177366162113097061
SHA256 6ffc1d638244bcc59137373ac2899a996fbb4b5fed88344f26f389d3a4c675b6
SHA512 621d48105bad2c29f220994a8994c330a65b6bf22e1ffb7d700d291281a2170098cf66e611ee731c89e0994c2cc883272b34319a9a76bd3ab1bbdf27a7d6db0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 eacebe84291f7e271720077a84c0a7c3
SHA1 c77393aa2e322599b268050b9e4b182e479d33d8
SHA256 3aa59b011b2a62d3f4190adedc9f35637a5956477d332643e913588203303bb4
SHA512 264f94336a9e8f7ce5ec5668fa2653550bd4e8375e9f4a3f1154aaa246e9120449d255df6b7fac568c8b50a3b0fd88ca4e5e38b81001c94753c85c506c74a196

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 5252066f674ab70eaa9fd575b45d69bd
SHA1 942d0137d5882feced7f8059fbba819a2defc9fd
SHA256 38d0f640decb673e79f7d2a16d3dc058d990fd2b102d36d7c3e57f0adbb4fcd0
SHA512 6448c139383b7572b881d1fa1c6dfccd11906ee9638c577a9efde4050b8977cd037599d9ab59ca625a4991336c9b7a80925138f37eac06aab0a5a18773e854c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 1515b46bad3b12e3dee6f6dbdf78d962
SHA1 fe4aa3ecbfbf3531ce0b97537c1af3bf221b69ec
SHA256 8add6b01aaf1ea6117619fa093b0aef5107cec54e168f27a6f4d85f8ca3b3155
SHA512 ec5d3a4654d72472faef085b2a3da5b584a098cc80936ecb6e78d4ec510a935d25d0de873d931bf7af266d9c67c3bd1fe1bded50a38198bd7ba2c54bd0cc1435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5929a5eee3a602e856804bcee9da23d8
SHA1 a4d3b74d4a344a774d6e779b08e872dd31a69943
SHA256 613825c753f63ed2fa9d988fac13bb7f46602f611cc20dab02ad32f5361ce14c
SHA512 552de4adaccfa6b72850ecd82bbe39bc899c3db325a2c22ab9edc54d3057d5473654a10f0c0f490b267a50f6297d77590b99a7c03e26cdb3de1ed3cbb3932fb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 a89819593d326e7891db3102487f18ba
SHA1 e8972c883c57976a6a6e676a08b488abae9c82a7
SHA256 07f033948e887c74df5ee50ae72c287706f58e17a5b9e62635c2d3bac3f02558
SHA512 642c680c0813b4760442e504a8ffcc4bbec65c9ec22608f608992c6393fae3525c00709e83de135511f14709ee51ac82c662cd1b26a5f45f9f2b14ba2590fcd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 0113178bc5ae00735f18dfa81ec6645f
SHA1 b4935e7ac9c639ac709262d69a15d0a1233f126f
SHA256 faddd603379eecd69ae7fc7acb713447afd75fd4f46bdf1b32c73c43bd3435c7
SHA512 64948388eed7d1631f2b110593c2be7d78eba94bb03972e68bdb1091329cc6334be4baf4dbfb44c4a0c63a3704e7e5fad5008f0693abd2d57e920efc8b609a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 b6a407200bcb7c46eaa0f25979e102dc
SHA1 be87700d86dcd56300667e85ab468ab61f480944
SHA256 d2196b1a9bca6873ad25049a3d7022e296a1f7eb72bc73a20a38dbe86aa61fdc
SHA512 5127ed8e40e381bbc50846bf4707757b841fbbf1b1a4a0c1d431f82b254093da3d8801513a43331341d10046106f89eabb3e6649d267d4fcaa4cae9473a3a8db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 8411e1807ced8ed8131ee09c3c135596
SHA1 2ee35e98951739663d9690f63438e4732f81caa0
SHA256 e26f8ec5d9575f66b00a51691ba4b6b0fe5d7e75d897ecf81ee28e3d241e7129
SHA512 3466231741f5c0ce026a22639f015c55a1357d342ba68f3e9b4b7fb53dae4fb00b7add7926c2d44a6ddc658d30e3ab3424d52b36bae5f98a8a9d02526e8bfe05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 dfd7ca76f3c4fd4663284e8922ad9c4b
SHA1 3cc9a9045ab9b77c462aa154ec7eaa6f77c6c041
SHA256 d1caca78e9e24fdafe324c080be695aa29647254f6e188a45f440a846512cb50
SHA512 e7da182caa145e069e6e77ff49a7282cc7a50530df441e4b2e295f308a05eef92381ec69772a882239c5265d8787d46c9b34abe5c8cb50119acaaf274ef38b3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\eb56c855-e8ce-4d26-b26e-ced851d9057b

MD5 b525eecff766715c6c169b854bfd2375
SHA1 32ba91f3232bdd10aa24f260188637517640e731
SHA256 611e36be6653cafbb7691f0940b0f47a64d70c22602fa1d0d67f66a7f4dde22c
SHA512 6c04b48ff0e24ccaa680f2bd4d0c8d50b1dc44b81af7d828e34d6ebc1f6b347d8556c329f095e00fba2bbc2f0fd5bc0f50d9e750833f0409232bf797c89e6da1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\c0b366d1-1f16-4a79-84fc-7e6757924036

MD5 2461be4f41cfbaeafb9a013828e32ec2
SHA1 ace1347ada908b018801b1691ee8c7e0a55f4bad
SHA256 ee0ed392f1ee68a78744f79952d47bf63e3bb11e0f19ccbf984c6f669e743eb2
SHA512 d81e4f07541e7ca3413e3d62b881eef77b72cdd72d2904427e21ab5c00b73e1aa2ffacf648cee4802a944d127abf546ff15a069c12362a145a1aacd0044aac0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

MD5 7f4a046af431639c08e818789f73e515
SHA1 8916bee3d667c95e49d4d85a80782311811927b8
SHA256 7315a42ebd84841202ac3bd24b656052a58a48691fc6644760ccf307f54addb2
SHA512 a78e45cd7484cd5c7bb5ebf8dce60a22b8f468296a41e4d75f1e58855b63abbaffaf5b8acad0d6b98cba36cb95d2c6dc430c8ebe97f0248d9222bfc2cb5fcb05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs.js

MD5 c48a628e36ba266fe10b39da876a4e7c
SHA1 c7afe9fade1cec41b696197b34800f582fd17c98
SHA256 67d43aaf724adfd2b5a15fa8121d0d1c49aea771cf60a2946ef403f495337ead
SHA512 77c5cc7e3da1195871a14bde701612b75b15211d33a274c4ce250b2230fc5441a1baf06f4ca7b3dfe46621ead4516e5da513e12c8c1c319a344e728e5bf391e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1a3730d2c03dc5dd6ca328fd31ffae25
SHA1 ea5ee0830758e5e374b9b6f4ea53c70e988fd1df
SHA256 012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579
SHA512 2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 2ce259b002b2dcd36efd12f83d975a18
SHA1 ab8fd9ff011a24783618fb30604169e67fc8e8e2
SHA256 8737e5d7c2d858a31c2622992076c8e371d5324e13a7097b82288b420ff2dd9d
SHA512 a895ba38dab1a933da678ebe1a3bffa2f17a7b64a58717213595b27dd2eed7768feff89efaa393008cf15bb5d48c623236a441e9618a4495d39039fb4812016a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 933e5c5536c1d6b40b0cbe2bfc14f7df
SHA1 9c12964b26eb8ec57aab83673eb675a9fad166f7
SHA256 a559161e78fa22997df65f314c226825fc6c26614614c5e69fd3ae9da0d9bfdd
SHA512 8cc16f7e8778cb8a34b35dfdcf2db62a37e259d81a7c74ecfda8b744fe2dd516726eac73c1ce4bf253877f21905e212aa58e0aa2b9781ad87f0db0ed0fde211c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76dd93.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 8cf02201846b563f311edf624525bcee
SHA1 50fba2b52b6e8bde74a4c0cec3e309a880d3e13b
SHA256 b001642cf3575258495714860e55dffbc93a7fa4f0523090c92c377e352095c9
SHA512 31566709df4a9535c38647b7a60dd561c259692c2f6548cbdd509b8b49378a5b55d2c85a973f15a6ae3ca81f52adcd6f1b7b045573678f40ea7971f2a7e428b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 4e28197dba1cdccc8abeb0dea592ba28
SHA1 3f4cc8b60717d252a653d139db918b0c28de6f81
SHA256 f3a72344e773e45eb4dfdd54b9e7505cba5fdde0248d2f443ee07d9cbbae5fb1
SHA512 138d9e69f6e8e6203d5b1dc6c12dc75f42986ab09550c0c969b42e4b3fe988617abf4c24fc95ba503f2b8a4cd5bc4a766694088d6d3f8fea696c574d4e269e54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f5f44d8c8fa66e4ff3b80624123f7294
SHA1 7b05787c28d19ebd5bdbb7133752dd48e5e9b468
SHA256 1a4648f918e770a47c983ea25c645f4415ec4d9c8f7cecc7ba91ea599c683045
SHA512 ff7ac9b547593027348c0a38af6cbdf5ff05d7891a97d6d7b04ae74318236aec2e4d9f98e417d63834e264f5526e6caeb23654480a82536b9402e48a3f679298

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\131\{5873db9f-65d8-425f-9cc8-f45aceb99b83}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\idb\2364716468yCt7-%iCt7-%rceas7p1o.sqlite

MD5 db3992d110162909f34691fdb7cac63b
SHA1 b3398a6da5dffa5e1a52776794d1c03fd4b535a7
SHA256 71b97f1f44a8e82798098a482c9c5bff0fbd2eae914bb348306686cb54de8ce6
SHA512 96e20c1639a40162039561e60bc8bed5d1df9facfac38ca55da6a70f28c20a66a826187983d2d9d3f3a73a62b49a970d122e61477a980afdb0105076b01f4f5f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bacebc39eb5b22aa717b2a1b724cb910
SHA1 6dcdc52f841e0e0c9dbd7857a03ae4757232f39c
SHA256 befd2f29753848735c0e4f8eec49234d1153400604c2d546db709d2c56534a59
SHA512 de61242721f2126ec4d12a5f46bf5ad94abdd3aa4c2ad6add9c49c3b3ecf21d078739feaf058c423230858002ea62318bb92f8000086fa007dc84549bdf2acc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6cb52b46bf4f14c5ecde162a5ad25f43
SHA1 b6a0e6505beb10c66873c18baa848d7ca84e103d
SHA256 91769658bd736bbb7d9a5127c6ec61b4703c25a931ee7a49280deec13802377e
SHA512 6868ded94a94cb2f4292a24b1fdf0d0ebaa2ec5317335e91a146743a2845bbada42d33278a456a111de21539428c5e76016d11e0879ef47cae25fc4984c70c73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 1b15152a1e40657a799f6fe54246dd7a
SHA1 68d3b6aefc7cc3f7c2f46e053db46ed85173257d
SHA256 6bfa493b92ccf4fec67e6ec51c18a62531a0752c3cf59c28d3235eb0c70b93e1
SHA512 13b0ded553a2af3132a5705e49f96045634130c76634ae98ca29d96ccaf57542dcc93f86c25d3aaf82f4bcb50d7ef033c52333e52cc8b9e3557ef2543b2a4dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 82a914598eaf87cb48d0949c27021c71
SHA1 6b965036494b1fd6e7cf17a62e4e4d98ab55a2ec
SHA256 b8136862dbb574e85c9dbde427580a91ca1f85f70a3a901bb727d37b29eca8f5
SHA512 79de4bf4f500e2c3792c9e21b415d56c176db5faf241998ba5dd397dfa0cd3e7badbb5bbdf451208d47f21d13d055f3600be26cb4d0e80ad69b1a611391e4478

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 9c6226b1d240619a8c07496398e0d78d
SHA1 4237f1f422b2b9f945d3d08d0db7f7b1b19fbf99
SHA256 178ac34448e82b19105280d888cff1c65c079579b9ab85bd78b1441f19081c00
SHA512 180dd6c74cca08a3a1d168adf3bf054cc9de1b21bac0687ea6c6d318599b100db16e30c1f949a7d262d6b06d38e9e7013a8f947a6f52c1415c96ae54bc469c63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\01184112-9797-41c1-9dce-3d8878d822c7.tmp

MD5 0b43ef77ba880d92d10d44ef3b45381c
SHA1 7294ca199d939ef436829e7deff7add75c149ff6
SHA256 8c89d2e41e2c23859294fed6086fe491da74e071d564efff100eb99c6705a81c
SHA512 b4b1311b7b4c43352e1d4d0f21aaf51a45986591d34138d5a77739b9e1f38a52fe5194be243c8509d082f2e970274269c91a8ac3d2b6f3a1b98a0ffc4944a183

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b97a857e9462865f8140bf7b4f37db5d
SHA1 f719c269baa443f2aed2f67dc9f6ddb7588c39a7
SHA256 d706e3279866e7734a5a7c1b677c49b789ae533b8301b20aa264036deb407e10
SHA512 65a87c1d886a174672bb467b2212cee6d1fd60a98cee64b821db33a21033eb63b49f244a63ae0b372ccddcfd219042e2aee381591e10720e8c41b26b79ff9ee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 785bec01cd6bf955b4b099e925c678df
SHA1 a0edf3dbe96561cc8d58d66c4796ea83ba4c0916
SHA256 cc5528bc402668f1e572bbe9de036b41c67248aa33a84d51c6329460e03ce3f0
SHA512 a88ef5399e73df0e2817e9870d4d0518e0ae7a13e0b2729a29e3d3ec618ac8250f27429a6cc7d064cddc104921400f6683e5b4fdf3ffaffe396d08511b93dfa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 218475f4dd313aed40f96254f6cea367
SHA1 c0ab427eac0cab6a240bdcb75dd0783638c2c7aa
SHA256 df3e5de59ee1e945f91d95d73a666285d74685ed695d3418aa8ba2865c8883b3
SHA512 ff0d4e8d4e7cc4c18a7bd8e1c973ea65f0bb59e34a4732d1986f17047fc49e0d0a5d58f64c19fcdf670bdc0ead9d2ec890877aa3eabb9a2858e45acfc93872d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97cc0b0d92a8b85ef34f848e8bc96cb5
SHA1 38dd971459658a74a99f9618eb3ddc9ff4e97e17
SHA256 57f2ce45348b159ef1eb41329afe09753fe9012739de034dd0471dffa1954a2e
SHA512 e36d8603126448da71cab41a6f2fd79ee50b609df0deba3b8748e8c98c85a1a61372444bb264c583841821692f13503f641e7c6c655b250a21c51d67b5ee67a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bee8e48fa695e809eca4e688c3b631c
SHA1 1865cf0671514c610ccdedcac8110d44b7faf102
SHA256 ffe5d9e72d8077e9a18f8a7443ad499628e9fa4c8790ac05bd75a7d033f9597d
SHA512 0ce77f0174caad12f51b0dda49da881fa8632a6576fc3bc057e4aa07b84305ff295781b91ec4af0fb33d17fddaf888d7908c5e19cfa5cf2d06de3bc482858894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a6493e557224424e3afd62a4ec03ae9
SHA1 0aed3df79d4642e0cfa1b11f6b8c19bb16040f62
SHA256 d491d9fddb987d3899d8447c6f48e6d3da918c183d146f8230afee92f4802430
SHA512 9d750253d8b471879d50203e2ca9d6e9b4e4b6f38c6a0377491747a3387d6b864a556558d8eaf118e2a43203887ffc7f5ab52554cf053d4a098e4034c07b33b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe11ff131b52c5b939e3f3e862cc872e
SHA1 4aae90ada70a2d3a80cb3d722cdf8cfa1f6997d8
SHA256 1f6b71f662afa1f0618d84018d87b6ddc34130b6d4f48a2944834c7798819362
SHA512 f8d247d5dcd277b668c3c4b0b8a786a4fca17ff127dabf4a444c6bf707a520d534f99c80b52553d98bfab686bb1d7daf0e2ad06f0e4e7e65a0f3997355697cc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 40af0e95f4595dd2ca6230cdcf58ea30
SHA1 97edb233513057354052adba63b983e741c38173
SHA256 99a4ce9fd169e91df79d908769adac35a09b14c58a2af95cf2382979f8ebf27e
SHA512 5517e29abeb82dda57b36283323784a031e2bc346e3ec96cf7c71bd291c649036952a26ce98ca2536589a022f7515d0614efcb9f9329a59a336e89f808f26e80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccdc3ca22a4072ac7ce756a3e0383b06
SHA1 9cdcda9ef8d017087a938cbb5307f1e905081a91
SHA256 43d0f69a6cf6f08ff56d162f89df1874824a360e547117bae6dd6400a3396905
SHA512 ce7a2e11f7eb094d52ded90a5a83b0d3ea622e61b5d66d36d35e27951dbb594bc184fc9fc5dcbaaa3ea1a1f7579cd0d5f6baed171ec173ea68099365d95baa33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28384a3f1ac35eb5fe226d8546e20b59
SHA1 21623735066b82cd9c6ce841e75a30a920550ffe
SHA256 7d7a9919e5774fbc29cb6b823951047462fc64db37f8fc03767562da3b94d1a2
SHA512 32ba5e23e0d201c6686e63b021c5a3ae1212013811ccaf34a13e2d20b8427b32fea9b2dddef20a3767a3ac8e6520bac4f449f268b377dff2e754a4e87ba27da1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1507418a902e092854ae1ff0c29e4d62
SHA1 b5f189f9020eabdd50b4b94d0aacf58a289485ca
SHA256 37cd17cfd7faf5ea5a027c9988eb091f3a4495c9370070fac120fa2212a86377
SHA512 94bdb0511e0a885a74afd61440a78c5dfec3864c22fb159f05f999c0b16344b8027bab86e16773120bd5308fedd2d0840c7dd046f2a58eba8b9935544112e980

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 43732c4c9ca130cc752539a85dc6f098
SHA1 20855e53d3e85f9e1ff5411e5783024d047a3b69
SHA256 013ed79784086c105cd97b7c771a2053a56180beed004eb2184e428b34d79ec0
SHA512 d8dafa9abb2c9dc99b6e3dcc8f850f7fece071abd8b9902fb58060ac59c9f319411da931e14c68fd63fad5e6c2b66fe946b15868b897423d066ef9334f62850c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a0feb07f7aa22aaa10be9aa842b7f364
SHA1 ef46b5e7d0efc200a0a2d37ba42ae67b1fd8ccd2
SHA256 062035540354004cd5ec6e56c5fbf324100c5f031914c669a3d51d94e046f43c
SHA512 3998689b19c8b303b9798c6516a611e0bc48a1ace0fe0439352b9d2315ce48238ca7da575c7f6cc027ffc01e8d54a90369f731c687bbbde1f4750b69c1c6d7f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5500522dc0546dcb4cd7b6644c23122
SHA1 f36cd733f26bcad419a9b1b2e8cd708e39d51ac8
SHA256 18c5e42dcd2f356ae3d83e62274abc33f855f7f24e79e06f562b8f45a5ac1add
SHA512 23813760534520162a4f6bbc9f7864885db7268d19a6515f077f350222c2b5f576591dbee77068786822236ff74ddd3dae67915a1c3db1b032ed24f33fa323cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 daceb4fd63be87c8548c33ff49703b1c
SHA1 c44391825a9d51efc6fbd8fdf78164320d83a8f8
SHA256 077820b5fbf8e3348ec1cac6086b0079bceb6000889901326a622db3772a7007
SHA512 09796d742e388d0f9f2c5e914df4d143ae8ee2f1d3b737bab7cc622d9178ae681f1ba8267fc4d63e4dcea9f0f7f6d7b83f81bf26a09fce0579d946350264167b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b7c951b07ccc3a07b0df85675fe3f46f
SHA1 2b081d5a69898405460633a5fdf07ce91b0dcf6d
SHA256 a9e021313d022f4aeb1338a829788b4596eaf2dedcf1eb74a9d28e20e8fc421e
SHA512 95749c2b95e88e9d8afbaa4e5bc430775b173d4807a2f6c5455acea1eb93b55d20eb5446b960d6aab665acb5ff3cff40a3e943260271f055637fd1c27ed7e9ee

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 33ef02348fedbfff0c26ed9cf30b3a3b
SHA1 3fd4bc878b0dd2d1ee3e39e599f8c58c33f6c70b
SHA256 7f561abb147ef625e36ae12c3f362d045305b8ecdf4bcfd78e6db034413d63af
SHA512 e7f3558887b4dabf2b416c9ed7d5388e5b4da886fa01ba6244b593d1c50c1f4d9c3f2605abd9e63169a71eed6c84e8bed10ed16b3878c85c5d815e395af61afb