Malware Analysis Report

2024-11-16 15:49

Sample ID 240208-3147kaee57
Target 51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969
SHA256 51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969

Threat Level: Known bad

The file 51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 23:59

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 23:59

Reported

2024-02-09 00:04

Platform

win7-20231215-en

Max time kernel

57s

Max time network

295s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2675F4C1-C6DE-11EE-BE47-DECE4B73D784} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1728 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1728 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3060 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2012 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2012 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2012 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2012 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2768 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2768 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2768 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2768 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 3028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 3028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 3028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 3028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1728 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2252 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2252 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2252 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1728 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1728 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1728 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1728 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1632 wrote to memory of 1048 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe

"C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.0.2084470928\1847977256" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {500ea992-abe2-4710-83aa-23171e55a1c9} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 1332 42e2e58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1264,i,8463380301945021980,11426047877460944127,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1176,i,18275347342721255872,10386074271867341295,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1264,i,8463380301945021980,11426047877460944127,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1176,i,18275347342721255872,10386074271867341295,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2524 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2552 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.1.1041135344\1614787733" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b907d449-59f4-4993-9c9f-aacf780535d7} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 1512 41fb858 socket

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.2.782977700\788094984" -childID 1 -isForBrowser -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23768267-1a04-46c6-8d58-5a6a4d5877c2} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 2308 197eb858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3396 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3340 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.3.2080137419\1757147528" -childID 2 -isForBrowser -prefsHandle 2624 -prefMapHandle 2620 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd85ed3b-6543-4937-9f6e-b737ab3e2f7b} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 2636 1ba08858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.6.1787569268\943099526" -childID 5 -isForBrowser -prefsHandle 3984 -prefMapHandle 4000 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95fb10dc-d891-4e71-9610-c1f5f5edc978} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 3748 203f2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.5.511148756\1286964897" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a24a5a4-7c87-435e-a5b4-df1e5fd0dc45} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 3820 203fa858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.4.262304278\1197794474" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f877cc0-f30d-4624-bf67-4242e145f32a} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 3720 203f7258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.7.697276708\206361520" -childID 6 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daad086b-0675-48b9-9b0b-dd2c7ffddca1} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 3856 1aa56858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.8.5696654\1647837438" -childID 7 -isForBrowser -prefsHandle 4296 -prefMapHandle 4300 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6b4d6e9-8082-4842-98b9-09565c7d3cee} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 4284 1aa54158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.9.1216860576\1218780036" -childID 8 -isForBrowser -prefsHandle 4476 -prefMapHandle 4480 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ab0324-de08-4bd5-a19b-83f95909d2c7} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 4464 1aa56258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.10.1643580669\1941350533" -parentBuildID 20221007134813 -prefsHandle 4808 -prefMapHandle 4648 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {091c57be-13a0-48a2-9c60-40094914d033} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 4820 1e5aea58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.11.666846929\1413029090" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4924 -prefMapHandle 4904 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9da4a528-6675-4be0-8504-883608c642ee} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 4936 22738558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.12.910000327\2017066565" -childID 9 -isForBrowser -prefsHandle 3156 -prefMapHandle 3148 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {668449de-ada3-4438-9f4e-8f264622c9b5} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 2060 230c6658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4488 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1252,i,13284768377686021114,1342919569272258844,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x170

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 216.58.213.14:443 www.youtube.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4flrnlz.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-q4flrnlz.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
N/A 127.0.0.1:50175 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 rr3---sn-q4flrn7r.googlevideo.com udp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.104:443 rr3---sn-q4flrn7r.googlevideo.com tcp
N/A 127.0.0.1:50242 tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 173.194.197.94:443 beacons2.gvt2.com tcp
US 173.194.197.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 173.194.197.94:443 beacons2.gvt2.com udp
US 173.194.197.94:443 beacons2.gvt2.com tcp

Files

memory/1728-0-0x00000000007C0000-0x00000000007C1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{266EA991-C6DE-11EE-BE47-DECE4B73D784}.dat

MD5 f08d6a92b1150a56eea6efbb383330ba
SHA1 1a086af6d123febff62086a5cc4c76f3534dd9d4
SHA256 69c56a45e6aed7f62531c14ddd631ac0296df6aa0b1f3994efc7a8dd09f6750d
SHA512 2f8eada7afe98e04689757326bcb5275cee6da0eb127b66e8fe2af6eff2fd133e025a73f61841f3576156c3cf51b78783d6211c13ab4403a14665da18a78668b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2675F4C1-C6DE-11EE-BE47-DECE4B73D784}.dat

MD5 b0315133ca1bbe5a54bd6102b7106322
SHA1 f413f3bb45d45161475afad7393ffb50090d8567
SHA256 18946b540d3dc32d3bedc024d9a4dc92b660dfd1ab3d3c99ef3c23ea4ba3d898
SHA512 967f001fed7fff610252a91530dd1595c65168001ef88d09bfa9ef0ee7ebf7496443e83d3f19cc68636323467bf08cacd581eecdc52b4b7252c5997851fc17fc

C:\Users\Admin\AppData\Local\Temp\Cab534E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2675F4C1-C6DE-11EE-BE47-DECE4B73D784}.dat

MD5 378b71ec29215c6c0472707b5352313a
SHA1 943d1da5946ca80fe9d268cb9110d91b6b9af2c7
SHA256 93171e115bc9c9ae0d6711e55cb99fe8be99aff1662a350104573c9e0c73daba
SHA512 a4659621a3b54226cc4e045c837ce8cddd8bf6161638a77c48627440387dac593b4be0202efa043e32fc9652a866a1fd49f99cd81359606bf0c98268c3f1a21f

C:\Users\Admin\AppData\Local\Temp\Tar53F0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f69739e34adf432f8e2c3abeae9a9d17
SHA1 05fa30af229c0c2d91a0f4e90a62da210b9095e6
SHA256 219aa366cd92c12cbb869a5b84e9c3dd0d3e37e940fe4f7b8d9fb0dfe40f35f5
SHA512 9784f3a9d0abd17f0c371c8d5ea20c7e44590a524f79b02bc87ff2d4d29cfaae0b7d56fac9398da4d1917d980303cb1650b824e9b9ba8802e48865e8f57f7a1e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2675F4C1-C6DE-11EE-BE47-DECE4B73D784}.dat

MD5 364322bf70a7192f0bb5c36dc673ded9
SHA1 243a222c945ac373c08fba46ea062cb0728e32d2
SHA256 a5719b4ed5275abcef8b52adf363e46b1d5a5c27bf51d2a034153453f02f116b
SHA512 dbbb1a5e6844af16b85927c588fb87fa11fa58142eefa462bfa8f974af33fdd2b2cb47f64945228e18260992f262112a9451c762379422d44a765b82fadd7920

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f73231e4645c187c722803bebe3f841e
SHA1 64e4ab646a85878d665bf1119b78f7cff3f9f3b8
SHA256 b7dfb2f1ad8450cbc5f7838914a5fc8dd0c85769e418b97b1319c866e5a58795
SHA512 93d93ad36e729b6ab7bdc7121872fac5940403611e7f394caeb4655652b28d891f3165b7f288070e947608b906200b9a68e619698618c8fc06d2358d8d1148a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3bed00c761c6de28237eb535109d82d2
SHA1 b2d4c3fc62c1ebc73d14fd361087be2abbbf8b4f
SHA256 db901be84dd792f31eced04ccaf78b7953fd8d6585f6e3f4e464cac76411f959
SHA512 9463522ed71c5b792b2811eed3382cb05e9524b92dc833dae23d14fca73d29a49cf59dc08471331ec2444f1b5de32a9dc0b4aa50ba226eebe0e13ce3afc52685

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 418c76e77110115925c0fddc937c6647
SHA1 4f4d35397accdbca7e3e310762626236fbe8ef4f
SHA256 6de5feef00d6a895f9a06ee26647a6b754bee2dcfa9ff87c9622d04021e94980
SHA512 fccbc280d5722676371ff0a78de9581b334b0ecafdfe8ef887842225c52aab2bae51955d5e5d600bec74bb7bf2fb21cde6074f1c94797bb9f0f1a566040e489e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 4c9c83d7a62a72abf29a5d7b0b79326c
SHA1 7cc3f84610d75aa6f980b0979dfb21724753fa92
SHA256 9b2e2b47b885f1885acde3c65a609a4d1b97f5cffc6cb24566bc135357877572
SHA512 e178b7341ab8ba74add1bfe21f79e0b0957e649321c305b775769ed6d90988e2850279a1f9b914edc07104e41a694144761d7d50cca25bdc89388ec392842330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 b0db7cada450c5a76ff481078a76914c
SHA1 43eb9a3fde16c7ac4c4c4dd77bd55a07bd9c5225
SHA256 d577a90bc8619317cdbb4ad4deb40c9d16816e0bcd37e21d636cc5d85fe9151a
SHA512 24845f9c1e3f869eb529ae818fa7a87bd57a3ecae53b5cf8d2aee1fbe272b4a5015d0ad0e48b205ca8d08b5678a2e2c4ef359e64321fd583a08a8f056ae3a4bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 6ccd7fb2349ab50a9dbb8155713a1183
SHA1 c86be648e56d9cae84c4fc5680c45abefa252ac1
SHA256 740e25c5ef46d997ecfc5611287625213dcd3a1ec478a7df2883e38e3420fb81
SHA512 22f36c0e188c310d60e28961c3a1a1de1eaebb7bea38fcafb13f85e6754dbe16ae123a78cf456e1c85f88c393da63564330bebe32dbdb96921c7cb04ebfcee80

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

MD5 796e10509a5545468ba7028061fccf58
SHA1 0006e818bfbe62434ace45b74d3b4f7d8140ab1c
SHA256 55ca8248f7a37c8d864cd117ed651f91c3251ab19f80d1ef1c48f11c386f9e62
SHA512 f5d17c4076eea75b70e6465a6fea5a6fca0e1df8b8e6925be4a38297e36fbbeca956329224ced276b1bdc0d92cd80b378b9db8acf7db3816869f801262b5586d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFHPCFFP\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

MD5 8ce87610cf73a8cc0640c0bcd528be68
SHA1 efb5779b10863958974819deaa03deee87c5dd15
SHA256 8a0a768cfdfde542dd2938e2114027b5aca5130f387168cd87cdd3e84bfd3087
SHA512 12c54ec8b8f206740bd2cd0fb808b944d4e9a5083d069b012bf7076474a47df9ae14daf3cc69e0bc663071f04effcb3311d20092f0704183a60f6ce69a338332

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JXTAQ6GC\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7H6IOIZ6.txt

MD5 3131b1a9e02b0b754399536f15153613
SHA1 fb3b090e3945b1c3c04b12e730032a62e6a287f6
SHA256 1f89c1b14359f05385f01fe0434bef49dc08a0f409bf1f3e773d6b2c5e9e03a8
SHA512 3ee84edd9c897651c9adb07bf402dc3182669ea818319db126746d9ec73b563d34b7da1feafd9f7e71a3eba008fc995dfc458e49267be9c2826f71737f7e5079

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\favicon[1].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

MD5 8c901cebfc5c6e14a82b918944b9ee30
SHA1 c5b938d1520eab3148501728e6fef6bd05f41d56
SHA256 b71f9ec43158144ed189e51d935bdc646d9ab1c7e763d507ec408323416ba953
SHA512 833dc36b77918a83c83bd86ecaa591f856c7de2ccd9834046a382ae9c149a721476d911ee54b3218f703a075d69f1135290915b55d5cb5d562a69d2b2b773419

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

MD5 9b3bd11009a59d066ededf596dfb393f
SHA1 f4147809859b1458eb9528d0993768e4960c0e60
SHA256 9466b23095d427293896fe6406fada94206cdf6f072dfe08b1e466ab4b1ac998
SHA512 73e2ed111a7de5f8acb91ac3d1c75743069722a45b9769d6eb56d54c74b957339a589a1e9e3c0b6fd2e26415eabd4b38d854a37f28830a3221c5753c956afc18

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFHPCFFP\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9b83266defb2dee53051d2c587cf2e6b
SHA1 0916554f97dbab866bc04ec522aa814c2867088a
SHA256 60b4a2a422ec376cf1ca89ba5961ce614d4983ad90a36ec8d1aeac8cbdc87e8a
SHA512 d20940c8a7486dacee5358719a350ba7be343cce52a06832377fb5838be3941fd906492d3b84f31e63e2a81c37003118f839c1887b87d726331a09f24b738004

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a709a8416f3b9c20ae14828cdc03baab
SHA1 fbbd66cddb51a640abcbf09c293e9cc169b09f94
SHA256 0b597c637800eb8656d83b76ea4a84a4dc4011d1a71322acb3f26efde3f9d31a
SHA512 be880ded04faafffbe5e48962b4961c2c02d22792f55b7c05707e4b3926a8b81f93f93f260902e3b8dc51e50dbe86a2b39eef36bb6138f274a474805afc1b170

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f40b06b274f205bafc19190b1ca2128d
SHA1 badea7c4b6704d711cebdccbc5db243fca025f12
SHA256 acd489f9f782385b3d19ac6f19157c511e54a7386e68572554de934286b42874
SHA512 818aaa52129362b13bd1856a8f74b7d5d4591a3d473cbe783aa1b26da74b06eb36a058a17dd6a2b5440c2b42efc0da46dc956eb28ff2ff576451bd5ae9783e91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d5d3a67664b7830ee57764003e042b7
SHA1 ce2b7145a747e6fcc2cfb887e5ef5df7bc630854
SHA256 7ca22cc22a95f4b6ec9d757eeb705692dab7b8f27192be0d6bc02f71fa5e1744
SHA512 0263eb8055fe16e42b4fa5850bfaae0a45367115557915aed2c7a365409b18a9c2c894679f895b3f7a5a86bea231da14a2119aa7b68653f2472a8f224b844446

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 835fafd27a2171c06943d23fbeb953d0
SHA1 0773f3cc84bfb7532eb3bc10b2959848ddd3d4ed
SHA256 d89394d7fce8b49d13a49794548fb27101ce1171f26fe23a1b261328b2988097
SHA512 9d5acd0733874b439762815fb21e92655c87ae5550bd1ba8a996329c862db39390fd27ef8a51f07f9287213be6cfc6747fc284257976cff81739f02e7cc5f04c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6316aeec3fea860ed78b0c6c92112f0d
SHA1 ec66508d06c87e9638b13cdff6912be886a586dd
SHA256 29a8d22d041ab0690efd92010372bbd7839012ea62d61e5013170b5b9401bc83
SHA512 1e39af0e386ae75d62aa784ec364d5e72d51ec49a354e4c7d6774e37cd4294439a0ec9d95c8f9f67dd002bee816fb456d3691a2e3bbaa989406db567abeab295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b6828cee74c9e7a5a9ea68338973b07
SHA1 d8a18beb5dd64a77cc2f1706af141550e3ca47ee
SHA256 68ea59999dfbbb968157c9e9b8b37132bd2144673d1e04a37757e0c7677c411b
SHA512 3dd1f2d87a0c79b99259294006fedee6bc1f42a7187110855090c03baa186a009b96e97016b478f8154e344dafed336936294632585d004d217ecbb11fa50733

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9e9133fff162031356143b7736791cc
SHA1 23ed344d1b593e29a79aadd87e3293bcd1895bee
SHA256 99785d26498b9add317180370df6ead7d1f9b6f974525b23ae57dce1435121a2
SHA512 649291e1614841d004dca2e0f23fd3cefdb1d3b08bad84ac0b95bd1f1475441fbcc1acba8d7cd788fef9ad47f74e88559e6bc6790ff041de40bcb8aaa9770c90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f15069041f075911920b8ada33f710b9
SHA1 c9419bc672087b90c777f3185d8d02ebb2fef2fd
SHA256 3a44941b7077d8f3551f4eaa6e316369f7d99843244b72a524f00fe841b7a4c7
SHA512 2a0eb92aa405bcdd0eae1b691e96ea60c25a0bdea5a1990fb6e9e39e60a04ca723f0b67ac8132db6def657e127fc2da47041a737562965313ac306bf67f57311

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cdf4a19d3ad1add7ffbf0b69b1816be
SHA1 9e040a7ad9b7483bfcf11ba3889de519454b16a7
SHA256 2ea23dc9d22136327049247e623465ab550247b47955b87319f9c539e14941b4
SHA512 8e9db783cd79bfd0d653e75a670cf890a919f09361cbf2e752fb0b4eb1bff0515d8658c99dcd95072d36c638770a0343a31a82141b508d9ffa61f43eb5644485

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b61db27996de70783f8c83b475c02bab
SHA1 976e56896804ee117b2567a09cfd17e41f1e4ce4
SHA256 f54f567a2b7e30b175fb267bfade66b0844ec9b8b1a76efa0f42ce25a1d54908
SHA512 1a06266508376b3078b0a86a7c70732c2e59f6936824ff940e07dbe5f2094c0c754284ff6a28e022855cbd4775feb39b05338c5da5b502ac1023205b77ddd022

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6992aa2d747756123be1c5b182f9ddec
SHA1 ca793310391afb6484938a731839ef59a13ded93
SHA256 89563071fb7bb4205206469f561504c6b36e764dd658eaaf8d02c0901d7dee26
SHA512 022312f898dbc857d3d9bcfec3b8661e61e46bce311ea4b885b30527c05b739fdc1b3c0a0bab6f6fc0b0d972f1dc03a7ed1027b7bf649bc6b46d7a73ccd4e864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2052_JKCQURJQHODSMBAR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d5486c2a-d293-4897-bd86-220bf2697bd3.tmp

MD5 8fe070d38588ec2514b4089eabaf0579
SHA1 46ed58b9297030062a0d08a6e2cfeb6adf744fdc
SHA256 70fa6963f5dbf4059ac0af7e441201c2430189ca41476972c115d17ddd74ce70
SHA512 732e29828cfcd84869fc64dd624f548319f2e3dbaf8d64baa55ba482a4ff2ccb90fa56bd6ca84e1fba2d221645934527745a07ce469453d48baa3ab35a049733

memory/1728-943-0x00000000007C0000-0x00000000007C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7ab23d37-9c94-43aa-b67f-5aad8b15a16e.tmp

MD5 96cd9abab45c85f9c332e9cc7bfcb6f9
SHA1 866a07f5789e8830f8e29ff55d143d7dd3a3b71f
SHA256 d228217d1381ac09f0d289a2105ff12346fe1ab9f762edb83cc32a2314a125de
SHA512 98a74cabc6e546de2dcbbd5429b3270b1e22071a00cf97718ce7f5d6d9627ff1c76ff171e5c411f5090c88558472f4bbe635ba5c1ee000a6f57828cefdf08ac8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 4fe528b43e2d27f36bc50ded690f5b2e
SHA1 59155bb5c6c577fb2f27b13a95cb20b9ffcaab99
SHA256 7e53950ab4514aa82fcb32737106f0d865a12ac1dc39fd5fcd721df9652d76cc
SHA512 ab5ad6db3f1c91ee584cfb65aada4528076702baa79a6d88290240d5e46849fc847097be869d26ea71e5a5ae452eb757c0dd9ad74f44388557b050e9ba165a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 1eeb46d7378b08473f6c5c1a9701fa2f
SHA1 f61424645c5324df9e352c9f39655fb81ece4ed7
SHA256 8167bdbfe66ef9da5c44191efdf78ac9217e8811c970253d6d0197fcd91626e2
SHA512 24ea1170bc926248c871fd4bd6ce81b9f9419e7d111ed21135a91a22cf70dc814df32e0cc45497ac1d55ac9d217e5dd86c9cb2fff75abcf3af5aee63511fc592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 4ab0aa3e0ba0d933ce554c8c5e22632b
SHA1 606ceb30c4d61a5f88ac98687ed904a27d0718db
SHA256 515d400c7a3727fa2abbe97ac8b53d03238c4e3a9162cf05e11b08fc031ace4d
SHA512 b7344459e54ab38495cf72e38267453201a14dd9a73d9f4f99be44f14473fa2983a789f1518de4997f8dcee09f32b546983d8b37599cbbddd52e5e9204ddabac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 9583243c1a56477bffd67b3e4808b7c4
SHA1 3f7ceb0caa1bef0966ca504fb369aeee085527c6
SHA256 a86688e02205cbfb05e2785fbb27bdc2159a78dc2ecbb7e8a8f59d7b58a10231
SHA512 8b27349233d5ae0355fb1f766276abf198ab667c9e8c56c973660511fe47676c9d8494da8cbd1019639ed41a92cd2d5c222e642497ab4b15c24e9b3c04a08e56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 401b26033d643e6a82d094df6b449c0a
SHA1 ccd9defb2ba41a5d88bd6271089480758c84d3f9
SHA256 93766c5aeec337f8a8c910974a7c6a3ad39bb7bdee7eb6c40d840968037cd9bc
SHA512 39857c58109e7846f0798b1dfeeedd229805226aaf736b3ce1ff4c85e6f51e96871de5dd30a0a0ef4487a48975e10ea1420e8fa19eff61a1e32abf65f3046ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 b108116fc5d4975aea10c81ecc14ee70
SHA1 4fecbe58c0a7ee569db64000233f712cc58a1892
SHA256 1c6b4393a26d1bc5509eb070bf02dbf026c7b7df2343af1b568f71c17a54aa81
SHA512 d5f050532be90aee4b71d9fa1bd0c926fdd6b0e21433ac4b6349dae6083e51db746f21f617b91ea98ca0ac02de50ce937bbb642b8cb28b4edc37d82330c7b380

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 0d66b390a7e8c8c1b7d2f5642c107096
SHA1 98d0aedb189c851eb93f5f8f6aafb62004a0b1d0
SHA256 097f050be68ae094a7997c1f9933a0fe84906b2ca558fce4429978df26b2ab17
SHA512 d400bf4c9a630e781654c4558b08171f24012d16ed7edfcb3c4515479c1a627e17d7035a7a06d9f7da1447324cc7dbeb74e4f99e475549bea10e9a68ddb4b7b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\db\data.safe.bin

MD5 e7b35220b02c14ef7b985918b35e4542
SHA1 60d54810b3103921b271cdc8198ceb57f06c2749
SHA256 ff369be3c489917d317aa82a386ca6c40362a5344ffb4a459022cdc5f785f31a
SHA512 53c669b1bb90b8458f35147a613034960213f8b1346cc233ae3b0ccfb1cac32852b163f746d7e3956b36c6537765bfb99ff6503943b20520f466c02dbbe0cee6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\699fb3aa-7159-4a59-aab1-b9c8b18fe1f0

MD5 f3c3e0da4002da8b4280c268a20c0fb1
SHA1 f29a718005f18599f7f69c19a0566fe1bc02569a
SHA256 7416e236371ebcd6d8f083e4eb6efc578e35efd498eb59d78e4ec6fd6ef79133
SHA512 311b5cdda473738aebbf6493c7d776d2f77c03fa8f04b50fa0910f47d1990cadd10560b8c56e478e0d52a808632c9d81520910ed7d1a3e856fe62144636308f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs.js

MD5 a6ba08d2b3f878c92fa2b9e4ea3281db
SHA1 39d4d534372856cbe20113d8c29b7611f9d7ea64
SHA256 f6f4565bf6f400ed996514e96075ee49ef6b874b1fc623ebbb8391580170d53b
SHA512 a25e834e96dd010d2a264eeb8c0f3ff8fa63be6c242eac87329fdcc765fb1c581c956de7509af2344b39fff586122b2472d9678c40b92817f7bf5fd5d94b40f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs.js

MD5 01d6adea97ed54e4dd41419ab013beb3
SHA1 45411a77f85b47f1371713880ff7b96a6d867507
SHA256 0da8254fe7e2e466840abb7171cc2aac96a1566ab9c23cc2411f442d3c810b40
SHA512 e3e224039dd6a752056db65d89f14304e89c2e5e1f92c1fa1eb03aae06624f7ea39da2e1a8c89e3e32e9fa15d3494cfc7be09b091e79190e077f18c61727061c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 09324eab6d51a2f33182f4bac5a15985
SHA1 db5fca99d901ba52c0ae6708d455152619d80195
SHA256 a950b96997230720e38225c428ae84b8a7b584e42879375166c7fa57380acd7b
SHA512 25126c87ef87aca10b6bc4c69576d90fa4f3ea18316b5234d24356f52758cd53a2ba15748d4814d05185ebaeacda3faee71a2b09d8f9b8b1db25c486af17c43c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 aa674ede2fec16203f29751b6f4098af
SHA1 145314b914ddca70176ac52a74a888c4f9984239
SHA256 dc52f76d46d0fe5c1fd0d39a7560df523ada732b95af14d54657c22baca0e04e
SHA512 465c6052bdbabc0987ad98180e555de67f654443ba07661a1f5c641fa0535537835db65b8584842c2d61391cb910ac26401021a4bd10714eb10cb67deec78793

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 cbc401620f5a53681b2d98f29468a0a5
SHA1 ac30cc74ed0c9321659725f970e26f410191704f
SHA256 a18633583c6bf6b6145daaf1c229ad36773c1de5a696b4e9c351e0864939c38f
SHA512 fc36febe4aea47e1abc43cda567732015df82d38c40fb787095d06c2c65769cf476f122439fc137d8f8b3b1b3cae05338014e1df786675bd8bd459e7c383fcbd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\60\{0e24dc0e-6a2e-4479-b231-2f453309293c}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\idb\3239009701yCt7-%iCt7-%r9e4sap4o.sqlite

MD5 950065d88f5d99ccbbe779ef10fdd3c2
SHA1 e5b2ac0749a0478c8e060bd5d335b50dc601b1ca
SHA256 64af3fa90c141be11532f9a2ed95f4a3e6235f8dcca84cacf236db2abc013233
SHA512 1b5439b1de3541f659a3e619e3a4b9ea1a6ae8c2198100adfada4529a1d91131dece52a1ccec1c176215091de77e0b31a3a6ee99842f2295e284d0ce099f2b20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 88c7eb2ed2d7c0ee7bb58eec30ef46f4
SHA1 64351ea6c2daad21cd0882d65051efb8edfdade4
SHA256 534136b52cab5fdabed9861173887877d2cd2142ea739223b0ad21553c33cb01
SHA512 58efaa07718ff2e4123cc0c0fc0c377a669f69f556c3d4d33b4ce11af9c0712de61f7bb17f9e8f742ede3d364ccd16972b4e799e87d536174ce10d599b802742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77055e.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e770796714d5dd4567a47e9a111782f
SHA1 b22ecaab705f7dfad00a410f0dbb5f92fcc48870
SHA256 04e5f57df00a093b2560c8521a8db9e642d6b6b63710a232a3a2cbce82b34819
SHA512 e1741004c25fb0b50142a67b51bacb1dbf91b16644b534f4c6003b3f89b1a5314eca9c846882f5ad3a2bba4a5643fe01a1fc5b313f097e6591febdbce77b9c3c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\171\{a4515fd3-c1fa-48ef-a644-4678bb0526ab}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{b43bc402-b81b-4bc2-b10f-a9670f235914}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\160\{f18c4e7d-d455-47c1-9ca0-87c40fa4f8a0}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 7bccb43fb2201afb0e223c2db04bc1db
SHA1 c3332ff30e28b521ec24eb0f265abfbe8a0f2dcd
SHA256 5e89f4751d16543c10b9dcca88f886df31c4eaf618206ed2a18006c7493b7211
SHA512 b4dc7b631665d7faf26ae04f17347b2ecb89dccd9c3fcdf091ce19f554d1436d708e1ce20ff88fa0e399bdba2d1c14141abcfa84534027ec630acdff168cbb9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88923100e38acc1815dcfd3ef0811c5a
SHA1 2cf0c35cdbb22d9059741ba3a98c2024709d1064
SHA256 31f07f5b958486c284c3748a9c941c0c1db746083c960c99a5c55850fa401971
SHA512 4130a40783f05740c651a5da3e6c0c54372665b7823817875c5f43db732dcb97600b36b821ff35c7143c2b672d6757387f5c95d9956d5182f3470af85bb4440c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 748f008dfc83f20bfcc1e8d3ef7e0723
SHA1 c11aae733d7704358d076a225ae0372469e47b70
SHA256 289d7191be2d5f5c571f5fa29555a9fdb04d7dba0b23126a037f0ca26a4eb987
SHA512 b49de1821164500c1af53f71a9b27b018d705e4b98c3020b401469729fa82f1b5ed5ed8ed3810baaf1268c2b82095b165d565655f9008ce2d71eb9d6c4a213bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\89e4c9dc-dbac-44dc-83a8-3c8d779adac9.tmp

MD5 782819702346d4dc53dca8450b8b8f73
SHA1 1808698051ebec7f156dcc40be9573d0c6a98944
SHA256 2e78577c4a7fd18c4ec24c322065f5b6a4504c235efee049b08e742ca936d300
SHA512 2b6ad14038fded7b7c8a3cff28388359aeda14cb24bf5b5286bdd63658da739d3a27e2222b86ea80f2515a3ea8208816ac82311e1f4d528f3d49e46cb9fca7d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7526ba70a2757ad7d6ea319ec1464316
SHA1 7fda2cd2f546c85b4b1e690ea6077a07b363b2f9
SHA256 fa400a4f17a70c94938a71418fbe2448b9529e5220b7f42306747dbc46a5a785
SHA512 abdd70fea9d9449d268984e6979212ffc1b80a675f660b0328b5ef3fddbb4f581f09518d1e6e6089bc435a3fdfa57c1c1de1ae780a5b51b58aaffa9751eaac19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 080eed671b0318c4dea468640a35ef7f
SHA1 ee11f435f93ec40d815604eea7b1385c09b79f29
SHA256 6945b7552b08a9e3d8eb64f19885d3d362657db549be51ccdf844a3557cb4a54
SHA512 1b059fa97e2090dd971134778d83645251e835727dadd5bbe0972de4ee2323ac935d760e510ba299b42b98d7abae5341a52a99f13ed01138d2a8f1fb392d997d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd5f1b59efc74c9537b38a82a1a2f8d4
SHA1 b366b9d2661ed6c3183bc8cb91e6afbb1e108911
SHA256 847323315465993180a11f9b1b7e891b3643c94b8e4430d121ac28be2705ac2c
SHA512 a28a1a849ac49c337819f1c02fd27756e1cbe5544eac381a8ed61640bfae9a9154f762526d914db588a69a97ff40b3396b9fa125a8423a0061e5dd489dbc0b5b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcf4b442130b41ef4be7dc367031f9c2
SHA1 ce7512e0989a9b71c411a3206e15fd3e9c15a58a
SHA256 3eb5e2a8b071ecbed849dee818e2e3e8a338a3c089bfebf570c837cd1751910d
SHA512 01f4f3e459d82e3936a2462a039e290a36c843b8bdec036c569deb62ec53db2868f740a672ead210760ce8050dc6c7acfc9155ae35cba4c9fbd15ee26119fc62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 721758f21ae87b06f5e7f9d2d0057683
SHA1 70d709b5f1ad3342a707c409253dbaee54861020
SHA256 249085439b024055d6f822384bc437939241c25e0c43e19b22346ffa40d4e3e6
SHA512 22decfc8c2874b82350302aea018e36b6b5fdace06bf2cf5656020ddd7dd8dacf3ef5780384a2fad89c21d6e27cc7f72213f1ab0d5a138bab142334a6494e38c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f233c73649a707d4eeb10775f89145d
SHA1 a3e0768f5027962c59bfd5d8444d92316496aab5
SHA256 4c6000cc613a3d6264779d5ddc6ea873badecc160e58f70d06d00e45d5a66dcb
SHA512 9359bb8cdba9f81dd1a03aee97eb6f40d592ba594981fe2f68cb12154a4c78f764bf2a758299d9179a148708a669da17ed0801b1e9f6eec9f5280f702dc0bf5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 f84aed463991f826d0d93327b61be469
SHA1 4672995b08ed3638628d11c4387851ab727aa3f3
SHA256 7acfd08d517c8576e7f60968054017eae4166d8359eb2f461d5c6b657ad63cfa
SHA512 2647e44a7f503a1cd278d20b890670c77f6e88f679549f4ac044876d6c178f6c38f5d41dd09b883c87ad577e98807af43fcd9631ee181330a3e17353a05debc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae33d50c736dce38aaf3eb37dc3fa9f8
SHA1 4536656dd14000eab427385abe1c6a9b8ca5b077
SHA256 77a0d4d5dfe5746f276aa58f54ba04c08a383157827b42a6e74611882463c235
SHA512 c976a6584217f5e925352c0cfa4d9645473c4c5932d11218f3a5bb27eeba12bd047d41e0d3dedce8be479ecdd216d2935c273f3d12f8e0d6c441b362c33f4306

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2948f557322a69d82a775a030d00c5b8
SHA1 f876a8d0083a25c9b202b04ed0182edb157281db
SHA256 85297a3569c2e3be8ca69533113ac7212e25561abd41743cde1819ffad9c479f
SHA512 a4f075bb40b4e0d8e44cec0b024fcf3eb941adb5fd25f5c703e5ad0fff10aa1b8b2763de85f0d39a1cc1ef633b9ef264e5ffe6b14c541f1c5b29f5f1248dcb66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ff940bce51f0d30c6e33eeeae3f20f9
SHA1 967c5402fab22cc3997c564df976ba634e11fc02
SHA256 73011ccbe75c25cc8851d9f292b1eedf1f23511ab912356bf441f0cc861958a4
SHA512 792a8b61db0ef36c2381e0cf3135172888048de209ac11f1c6a28e6796730919733b02156c2fd2d680aa6b3e6938f3f498e81e42a44404244a0a6afadfd33667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 946b80895218bddea24f065fc0613f39
SHA1 5a7732736c2043b1b11f3506efefb1a5ae6de7ba
SHA256 eb11be96f8e9feb615f5f057fe1538ed4e1a796901f99b19d876440a0b473fe6
SHA512 7fcbbb7c4c59bd3f4464ae016e69731c4e3e0dbe5591729cd61c072267430eaf1438a920644542a8222fc8dff6a1b9afd517941f5800cd062738a9b46d8d5759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95bc651edf2e1d5237ab7cf85a5c2e56
SHA1 5297c39999e0260813c632a35d17f501023f0e57
SHA256 cfd312032090a06b9fbb636f282e6d4ffafd517d73160947a0d2c7763bfb41f7
SHA512 623cd294a9e70102828984163467f7b9875331b36ecfc000e087b8360a59189496ad8972d512c4f74d2636e3061e3954fd0e2d46e0bef5fa333fdf98b00d3056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6b9f3e74885fe180f82f22d8c58c7611
SHA1 a4b59b97c491b627c4bd9d57942052307d3a8b7d
SHA256 dcaff61b41ccc5ac0feb1d168e1f54386265c9cf6ba44487953991f04886fb76
SHA512 e09521612c8ceeccaaab3540cb76b8bf0aa0a8c74820c94d79adf2c01d806a6cb6c9a5bf366b88d52ab9f7a3626ed386bd05d825131aeb9f15765fa19f5bfdcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a71f260f79547ff15cac257a8df6456
SHA1 5e4dfb43685b2a808cca0895112355a782e4bd60
SHA256 6dfcc6bb5bebab13e7dd7b7d158071f5a7395e343a149dd7dba62a6c1a06a549
SHA512 f89139f434a73c64bc13cba616b6d494beb0935cf71d90991f70316f33325d0d55e54259874d799a4c44f5b08087bf9155ab393d1de7f09c60d818669c4aec11

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 4717e592db591db8dcd48ace192efe9a
SHA1 3bf3ea0b129fd40df32b4c281c37cafef9c9ee71
SHA256 46e98d82ea7cab73f239238e2b69a62330568b4b50d3e98dc902f2dc55c1798d
SHA512 55b187f912cb9aa438e9504be4e7b06d8584b2d875f452ac3435359cf73432024fba044818cfee4941bb4637dc2bad2839b11020f95e2fdf8ea383b74bb540b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1c167ba984368300e8ee512525f0f40a
SHA1 b10174db52a719456ac6754706d070be5b94fda6
SHA256 5c65d4798816ae62c616cf32e29c29ab1800a043e3b0688839bb8fade6d8e204
SHA512 51da44902c619d7dc647e980b40e897c288e7ff21112fc9848e96a48ab11067bb60d756ef6563bff8f636c96ba5a82e7aa465cf29244f93f6efbf63333ce670b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cef6e5d3fc82f9c5f824a2eb2024515d
SHA1 c86f8a45b6587660531889a0a759c038680e57b2
SHA256 db722c738195d7876e17efff8b4273eb193061b50806769069322b78633d6bd1
SHA512 9ffc4e07bf8c96bb54893df4ae4c2af1898dd9b61a9d882a5a629a753d7d4beea9029c115b74c08a87c3ad6f197f8980222da2d50d76a0ff048b95fbbc5e32d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6137b3ad802b6c5be57335d9d63ec4f0
SHA1 09c5287b85ee71f257abbe0013836247a69d3bf5
SHA256 4d2f54463e2b760f6cb0bfaef52e6fb087e2eac154b4dc566ca18854a06f697e
SHA512 6045197bdc679eecba295c4ba7a702060eaabcadd3c4e8267cf41f250344b4af0a3e1e9b7802f04e24038864a6f6872b96c29243a594bb142befcf6da53529b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bba63d9a6ccf27503a7caa4974bf93e3
SHA1 3d34617b4cef786bacf33aef0acd6f4cd75a7f21
SHA256 2a4171762222f9dabde87ad5d05ca10f223c8e87678bc0c682bce3820146e787
SHA512 7baedaee991037e5af019bdc92098a484dba2652983a174b938f1c00f567c42b26a1c038ba0f55e7f17e29ab3da21f3cdfaea9ba72f4ed2d3601fe3f9e4065e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b1f1fcdca776dbb1ee03f26412e6daa
SHA1 954afecd7716460547bd01e944d395e9a50105cd
SHA256 742c6ff4fc1db648b0d66ab823cc12b769094d0d4c49ae152b23083fe5e21c75
SHA512 2b6c8eb2ed974ff6183e3b35775d17d0d957d83bae343184fc4591aff609595f2a6398479513d8dc22c6c86dab3ee52197e92fa24aa681257b430f5523803541

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e3775688293e749d36c3072cacd234b
SHA1 b3286ecd6b0a9692af198df2f1b035c31b578794
SHA256 ba636d39291dca3505575049744e8964018ce3c8293d8724478083b4553e8d7d
SHA512 accccb4dab92c09bb6844822c8f45706b69355fdda2bcf31dcd99359b8b1a819864c2f7a6b184eb0ff40e89cbaad98ae2bb7a1711ff87b0b78bad39e6a20c31e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc3da981e369e4cb1c718c8d95a3a3aa
SHA1 d1ab9e130c25fb670548142793f6f1674f5d6e47
SHA256 685b8996866bac7be401e8ec4b2cdf8dc0bc6d2cee3af14cd09dc7d93bc081f7
SHA512 73bb1293d46de292596bfdf9d75a8a5781b4788a8870e0aa976eb85c7ebe3b3c94e9f38f1178537e9d8c525f78a6f1a8a0b27cfaa51fc8db68ce92bbe79c0f6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1032904f388d6ea45d5d2bc5b30f2932
SHA1 989fe02989b6f30544cd26ba2b7f1204332f5930
SHA256 7b74ee709fead8877ffecc6be16401e8b922db33c41cf86069806f889e5004f7
SHA512 5dd05ccdb2d2ba1815d7b9b682da66659d8769d7022ccf8449f256f66c62f4dc2757b8669a05d7c9766a9acbadceadc480f3a7417a80750a03b63602b1245b17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2ce0572800bf80a6e7f08df02a8bda01
SHA1 fa5a767c49721fda6ba0a6c9e7c0b7e3ffca48d9
SHA256 07322b943f347a77903b6c18a200f01a680ff91451da9730a58704603c8c368e
SHA512 2cc371e7f3215aa0da94b43fcea85dac7acb2f0e14a46167a0733643e7e3a93cd22eb2620cfd40cbe480e334754e1d82deed3a4cce9260083cca1efc62f41ebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fd0d842eb2dfede84f6679e464875584
SHA1 4fbf4721e4c149c1b3a9d00b4bc1a1045b421431
SHA256 acf7a8c746097ccd3d09a21ac4ddcfeb8d4d8a07b9259a842f8b61f524a7cba3
SHA512 8694eb173c82c1bb9c3c1a1436f94d85673f322486d2159d73d6f363fbe0ba6a0cceb80454f678a59e4a2bbc639cec29c7811b0fb3107fa8dc46f0c3f304d35d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dc1f304f13da4b44b3f5a27d33e3623a
SHA1 dfb98294095ef3ad5f89c8b416f3a63e7cff39f8
SHA256 3192e5cce99950a4987d1072e9c21684f3a84a09be42e88343c66a7cd22c6ef6
SHA512 7f04a8a7486ce39ef562462cf41caee2f6992d1c0712b5102a0f796bf571798dd8337d3b79219f5393031dd23d4bc55b8e8b40b97f960aca9f79ddf1c8da1ccb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 654c4661f93fbe81bd48e6c90572b4b0
SHA1 a18cee0762697c714a799e38e6f2e9aa6eec7188
SHA256 c28424d747c798934e382ee72a2c73fd1c03678ea7eaf24053f38c0c07d0c4a8
SHA512 19e7e47789bd5ebc79e00b6f75101bc2838afe41ae569fcbfe1ad17b7aba33da29f0a3bb00957376275eab28383d1ec4d112b1afc7f22a55420300b61333545c

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 23:59

Reported

2024-02-09 00:04

Platform

win10-20231220-en

Max time kernel

300s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519105953980364" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "413598886" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 96b46fe7ea5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 90ed59fcea5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414274339" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = c557b7eeea5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 1296 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 3568 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 5356 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3572 wrote to memory of 5356 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2084 wrote to memory of 5564 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5564 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5660 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5660 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5564 wrote to memory of 5668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5564 wrote to memory of 5668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5676 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5676 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5660 wrote to memory of 5696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5660 wrote to memory of 5696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 5720 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 5720 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5676 wrote to memory of 5776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5676 wrote to memory of 5776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5720 wrote to memory of 5780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 5808 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 5808 N/A C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5808 wrote to memory of 5908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5808 wrote to memory of 5908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5808 wrote to memory of 5908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5808 wrote to memory of 5908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5808 wrote to memory of 5908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe

"C:\Users\Admin\AppData\Local\Temp\51de9921be0ea6a7dfbc0806cc85629be6edb6968081bd37cb30db2286930969.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff928289758,0x7ff928289768,0x7ff928289778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff928289758,0x7ff928289768,0x7ff928289778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff928289758,0x7ff928289768,0x7ff928289778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.0.1392800446\336983804" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0591b50-bff7-4b24-96b8-651c3c27efa3} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 1780 21b142d6d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.1.505968186\970298411" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46815626-b462-421b-a77b-82876f64fdc0} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 2144 21b14206e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.2.1830953650\238452040" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b43646e-f774-4118-8639-2c35ffecbdd8} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 2984 21b18b0ea58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2452 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.3.1450433433\354627728" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3032 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {803ac4ec-9f59-4807-aceb-1aa01a2e68b0} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 3108 21b15bb1258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1840,i,18440160698175854822,13450583141534676016,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3676 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3692 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1840,i,18440160698175854822,13450583141534676016,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1856,i,1675148150005431966,3319434500235819462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1856,i,1675148150005431966,3319434500235819462,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2444 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4808 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4748 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.4.702191442\319135563" -childID 3 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27dff2f8-d81a-4042-8536-55002423c304} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 4336 21b1ad5ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.6.724100277\1257907629" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 21986 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02e5b73f-94bb-44c0-8bb2-9980fc48c676} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 4988 21b170be158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.7.600923935\1610756095" -childID 6 -isForBrowser -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 21986 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c2b2da9-1b04-41df-978d-f6f81e57d22d} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 4776 21b1805b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.5.2100947110\1582689148" -childID 4 -isForBrowser -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 21986 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3d5085-e04a-4711-bb5d-90480b59bced} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 4776 21b16de8558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3188 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=2504,i,15762543696568051144,5753124135959707565,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:51031 tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
N/A 127.0.0.1:51044 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
GB 92.123.128.133:443 www.bing.com tcp
GB 92.123.128.133:443 www.bing.com tcp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.201.110:443 google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp

Files

memory/3252-0-0x00000248B6F20000-0x00000248B6F30000-memory.dmp

memory/3252-16-0x00000248B7800000-0x00000248B7810000-memory.dmp

memory/3252-35-0x00000248B6030000-0x00000248B6032000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SF1FX2HI.cookie

MD5 e2d0d6211cdeb544c0898960693dc1e6
SHA1 cbddab6ca8a91aceb4e3edc39fdfeec19045dfaf
SHA256 191c281e1ce6637ee75855c70f7ad733af43d6702c85138131df637b135c38b6
SHA512 af13d3d2f5da0d6ba1bf214a71aed77bd4ab4d288644a939fa5cbb4d1c1e2d56420547818f9210104b42faad046ae99bcbb38fcb128ac54d56a85a257c15e602

memory/2100-93-0x0000021F7D120000-0x0000021F7D140000-memory.dmp

memory/2100-104-0x0000021F7CDA0000-0x0000021F7CDC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MHCBJT09.cookie

MD5 ff93c6dcd15ce79cec88bcb85437de89
SHA1 ebb30a35135c86072eb6be6ff9a97916f0977343
SHA256 816ccc3badd44dfd102f560d38de34b40989c554882840b13a675a9c95e3404a
SHA512 6553faae2183b0118ff08d6c7d7452d4db1e6ebf661c84e8100ed92eccf9726d596767c766b50da315687477d6e29a8c26f1c6d956eecc469603f9795a23eb25

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BU0EC5S9.cookie

MD5 149c5f7305e76b613f81b1869e3825c5
SHA1 b5a9db8e6223e9b0132d4c332378b7c19c12f6bf
SHA256 438706160fa1daefe87599bbb269291e53cee638554c5b3a6bca523e2ea6834c
SHA512 dbc3f83a4d8e0055ef732364f70d15ff051a2a55b6722a0a9407e4b16dab6f0501c83b2488216f5ae780ed64bd2479f0c2d40aace4df1bfd1e2bbcfd559a11c3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 8fdb47cb2da10fcba14cb9744878407a
SHA1 45182c29b89d41529ca9fca22e3ed9046ff688ab
SHA256 a53ee1852a025262184dd9c680366036caaf693eba084224ef68c91b21945847
SHA512 f76e22c3d6b86003fd15feaed9d2368bb2707c916bd59e74a46e434f0c010c9ff2ccc8a7781fd86249d1ad917f32d125c68a71f3849d3216bd1b351ae108ba07

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d52ea81cd17bc8290088f0a314c2c88d
SHA1 c7b3784e40a1582777d6d468014659f274b9377d
SHA256 adf8e6eebff7c5ea4e5f10e53e920191370660b45f0e4bbc534213fbfbd62242
SHA512 961a1780d90add92ade9d535a19fd2fddc364d9b3be57643316762d07c0f70cd9c2c192ca91f9689672843e92f83f02c51942970f7375a3717e271cb6b37cdd6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

memory/4724-219-0x00000292CA310000-0x00000292CA312000-memory.dmp

memory/4724-225-0x00000292CA330000-0x00000292CA332000-memory.dmp

memory/1296-228-0x0000022F20EA0000-0x0000022F20EC0000-memory.dmp

memory/1296-230-0x0000022F21320000-0x0000022F21420000-memory.dmp

memory/3568-235-0x00000237F7500000-0x00000237F7600000-memory.dmp

memory/4724-229-0x00000292CA3F0000-0x00000292CA3F2000-memory.dmp

memory/4724-258-0x00000292CAA80000-0x00000292CAAA0000-memory.dmp

memory/1296-300-0x0000023021FE0000-0x0000023021FE2000-memory.dmp

memory/4724-320-0x00000292CC5E0000-0x00000292CC6E0000-memory.dmp

memory/4724-327-0x00000292CB600000-0x00000292CB700000-memory.dmp

memory/4724-324-0x00000292CCB80000-0x00000292CCB82000-memory.dmp

memory/1296-328-0x0000023022120000-0x0000023022122000-memory.dmp

memory/3568-314-0x00000237F7500000-0x00000237F7600000-memory.dmp

memory/4724-334-0x00000292CB460000-0x00000292CB462000-memory.dmp

memory/4724-342-0x00000292CB480000-0x00000292CB482000-memory.dmp

memory/3568-354-0x00000237F7500000-0x00000237F7600000-memory.dmp

memory/4724-360-0x00000292CEA00000-0x00000292CEA20000-memory.dmp

memory/4724-367-0x00000292CEEA0000-0x00000292CEEC0000-memory.dmp

memory/4724-369-0x00000292CEEC0000-0x00000292CEEC2000-memory.dmp

memory/4724-376-0x00000292CEF30000-0x00000292CEF50000-memory.dmp

memory/1296-380-0x0000023022290000-0x0000023022292000-memory.dmp

memory/1296-370-0x0000022F20F60000-0x0000022F20F62000-memory.dmp

memory/4724-353-0x00000292CB4F0000-0x00000292CB4F2000-memory.dmp

memory/1296-390-0x00000230222A0000-0x00000230222A2000-memory.dmp

memory/3568-391-0x00000237F7500000-0x00000237F7600000-memory.dmp

memory/4724-440-0x00000292CD600000-0x00000292CD700000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PCIU06UF\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3568-412-0x00000237F6DC0000-0x00000237F6DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QGGXLUL3.cookie

MD5 52175a56909226a4a8983407c842efeb
SHA1 c3cba7ed7656dd3914fee7f5cadb1bbc83f1a365
SHA256 a902081b6eea648b75d7b990e4e842613722989fb7dc102a15d6e162c90edc58
SHA512 318674f09c5146adf36bf586e8dee7df7c7eea01a7a6ac65039c02c122c6a728c06a463ad653a8a7e9cc00e1c717652736fc169d4067ff588518b891c295c080

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 789be3804f80e40c4cc21a64c77ef8b1
SHA1 cdbaeae8eecf2b234e1feab28e1ab1dd00a87b5e
SHA256 904a918c71e7008f4fe808ea0d9a24cd00d23e5bc221bff7be86a79a5832c432
SHA512 df8164d611b082c90f317fb9e2e4f52efc15daeddcabb174ffe6daa7b035df30d4bd5e48111abb9588f2b9fab08a13a862ec814b5c0d34844110b55bf67def31

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 942a6537e454513dddfa6d0544304486
SHA1 e488f3ffc8893c8a4de55be8aa070bc3d75b2aab
SHA256 e6907eaf83545d17a9ac4b9b16a153745aa0f72100d9dfb6e76d77e54fd8f70e
SHA512 4208c89899cf05453d9594c9b365b2198c1dc7ed8f6ff6d7f2ecb4196f429b0c7f1a106d2b3b10308d0df0541db5e2467e6712018462ae116faaa9176d916df7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PPAJZ6AZ.cookie

MD5 c8da98e92bf576c60317174498f167fa
SHA1 c30a933d07c3ef571dfea6ef46e510eb45089794
SHA256 04c7702aaa1a99da8e6e7a60083a4b7a3a8bf7d8e613c90887352bae9e569eb2
SHA512 879a0e76d8388f1edac663837accb660fe601bc6b18d23129819592783cdbcb34b9e0a904422d21cbd6e6e206f837731b49feedf5ffc727df32466e76691d0f3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8UR1N0IB\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8UR1N0IB\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\pwxrg55\imagestore.dat

MD5 8c5238ed0f398059ae3f321906508047
SHA1 ce325907404e2014183307ac2805c77e6648ab47
SHA256 5b2cdd7951133a196f36dd8b6ddd30ace58549ef07e74b9eeb19d9e003456749
SHA512 956b90b2a015538630950b92bf0e535c6a676867cd29ecff1a7f63c297fd3955d6b6883dc5bc6b092514cc20d72a2058ab8285a65be9a1a8544faf65e30b4fcb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ade8f66c452692e15fc55ff43a89ef17
SHA1 976fa6f9991077c6e15b899f71a46de139b40708
SHA256 4e6755ab5ef87fa9c1f533f72d5a3b1aa76b1022c216dd171cb10bedaaac6744
SHA512 6a2a25b910bdaa99324e8b1d23858ac94c6324face369720a059c44636f3fd4741be7ef6a7e8e0d6ad78429109497f8fcd270605243376e949297fc690e80589

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4CXU3079\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FJB1MRL1.cookie

MD5 ec7602cb4a4364f59723e99e1671a5b8
SHA1 48aecb6706b9a9c85c978eaeb6684114c7b00d68
SHA256 f728a2ec28d92f94b5c8eb578df63d8151dcdd2c8a34eb41a2175740cea74397
SHA512 bf7e11df0257c38cbce7ebcf51e8208194ba5b72fdec334376d25d15b78cc810b3aedc12df682b93d8afba43381973725d0c9fb539ddc2e90e207069e2426007

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8TN9XRIO\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PAPDMHJS\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BC5NG40T\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8TN9XRIO\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BC5NG40T\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PAPDMHJS\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8TN9XRIO\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8TN9XRIO\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 4c3708c943cee705064dd7ebe0e61c57
SHA1 9488cf0c55d45dfd4e65b752cb13d848817bd09b
SHA256 67dc43b3993c03d29803b3250b1f9a0d576c22a39ae85cb7ce05fdda8d263838
SHA512 76bba0f6e135e069e4cc92800c8a4f8ed787a43f22b36a80b855c80035f06e18ae9dd5b1b4aaa6ddc11995e260196a9474c15765981b62f281945a3585697cb8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BC5NG40T\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\URD7C8ED\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\URD7C8ED\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 249dc99935af173f663a2733cce91b2b
SHA1 85429b868f1984f4a70664fb5f6035f8bdcc3988
SHA256 332a299448459f2c4a4a8c53f970f934f837424083c2e2235d9ac8988be952d9
SHA512 650ba160cd71291ca325e8f769bab4fbc6a0da28187dd342c9f43e8ec850b64baae6ad4cb378f060e27fbc06bb00494fa03c4c06e2055b5b91ad7aab6de9f9f2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\URD7C8ED\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PAPDMHJS\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PAPDMHJS\desktop_polymer[1].js

MD5 d2652f485ab2f8253d9d2bf53775312d
SHA1 d100beef533dd5bc20a599f60f7186895895e349
SHA256 3cb5fe9439332e90da8bcc0acab4a5c25035cebd0936eda9a6b689701f11faf4
SHA512 68cbd704add8eb31e83a5940e6f5b93935d9ad63d7163cf6a44c02684cf989ca6dd1c38a240dfd4b5641e7a1f5de16fbfcdd50834e34228fc6c424ddce3562f6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\06NIKNI8.cookie

MD5 e4adc1d96c3f1dafc7cb61f10a142392
SHA1 1789bd4102230fa98a58b4a297e634d8955f8e12
SHA256 c40109420e7a87988be16a4a157dfddcdb78a7b87842d9b06b8f9b2debba56bb
SHA512 550605905eb11bcce8ae443995dfa0c4eff764bfef2aa04d3b72f853c7924bd40e446441e123666d2892c2db7fa6f60087ef1b024ffcf9dff895823c83eea316

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_5564_UUCZDULZBPILZRVC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 28e1cec9010aedce11182be6bf151968
SHA1 48b9ff5efc36d5e7c055d28fdab554f4f676e7ab
SHA256 57f592be689d4e00a4941433dc63044d52c72b300c5f5257cb5e4a012aa3b9c0
SHA512 4533d0affaf30b1d35175d76c5d3ae813a83a77286d20dd0c7fc07399d18fa957ff953c8861454876b9f332025a645bf1a9cc6bc38de9d1ab25680be64627cf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7eb58397c6bb322c74a7889c541dfdb8
SHA1 182d2ec059fd7225ff1f46f6f0acb8bb5cfa3cfa
SHA256 a780e251ca6b6d6494802c6a9664e9313ddb308231f8b7087cb5144309820cf8
SHA512 105d9bd9926cb37f0737b23032f8ef53429746a1051a0439156b857d6ad28480f73abaa26364b5b2e9e85cf979d20cc9e84857485d6429acea81530a07ccce7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f5734a6effac85f04017486c4226e805
SHA1 d99eb78ac1812ce2dbe5b9b851440d208b512e99
SHA256 3b394ff6d4157aaa733496413eb400ec668d173aece2f6f5a36993feb73b86a7
SHA512 bc9da961de9b15626fe5ffb63ebdbdb6def33292e82062f823026172e64b53112a1056ca9658e358c70268311282608d803cebaf6e57bfe48b72863147864e6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 81ce148c8f39402740775c9b2a11fd01
SHA1 7db05d4ffc3c90a6c3cdf85876bbb7e47275430e
SHA256 9162f15d49bcc6c2d8b2b2e36652ab9d7bff481d6b9ffda7c5b82382c77b8830
SHA512 d412d32acab4dc7b1837fc491c31d5addb947763162db67b1042ff973eb625e1e7a1d01b597fa6eb3285b4f64d37821bc8a0acd35c4e1ef9ccccb84aed135697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 eae673905be06899c1cd4bad71cb8d63
SHA1 ca3d5155f51de899bdabe2436a81563938b685a4
SHA256 d9514c003f4fb90c3ff02c2ea5a2cac1ec7126208cbedeac654f47e7af697e23
SHA512 721610fa1c0f2a016dceed07a1dd8a503332723ea1b83063790efc16db4a93a0578a99f3e2bf2a3d16c66247ad2d7d2c6fa8b32acef3b1264e371d4b3016584d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 e71aa43c188ce0e06feb987435102518
SHA1 3b0890425df9c98e558bf4958996d95700d697e2
SHA256 04b984cd04e03dd9d489c255a98a46c68ee0715bcbcfbbcdd7192544ede37e50
SHA512 ca3800da80f1c8c8c2d07d7f7c8f7c8f04f58c76d51021013a9bb24390512f207111245e19ff8155b28c5c422707d6bc39e1e9ffcc60c59c3926fcbbeb91ff90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6400a741198f14278aada7fdc32c087d
SHA1 4d54085c974340e85c294f56e9bffd83a2b13574
SHA256 d994cbb382ccb1e55d13514f33443dd355af0170b63d17f4b505fe48cfa30e42
SHA512 1a181e980066a5d2035f93563841a5227e6d9fb9c67b8890c831a775ef9648b7aa2b6fecd28b44c688be46528e53a73f630cfcf15f5caf19fccbfa82b5859b56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 9cad275d2ddda03773a680a1eaca7983
SHA1 8e12005421ac9f403fc3b2e7d8bf2227ba63c410
SHA256 35d6f82f477df35927353b3e96dc81e73c5b269196d724c80772b971558d45d0
SHA512 faf2c570b645ec8cfe9605ee6b93ecf7c45c4faf4e72624d02d0d576d23415ab30c4704aa78bf4f7cbfb4d7742f3e41b763ebc61a7a99f30de5e5df196ff1bc9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 0e2b663e1bd880842c3c2b21a3eb8b16
SHA1 82db7115281ccf5a51cd7b214c11b0fd76c63df9
SHA256 b2908e92a04c2ce197f986c1611e89f0725852a68f28a7abff53b8048ffb80c4
SHA512 b7bf656b10746118dba539e6341da662f27896a82a2c7db1f097d97ed8675d3904413c6595d07f4ea192ee38e8f8f3bcb3dd1154cb435bb5f5d38e45ed99beb1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 7dd243c01d0493e8d0700bdc73d5f122
SHA1 51501acd2eea0fd2cccae0c9d49340003b372706
SHA256 f7923d836fc584b6a2ac5d56fac40f3a0e34115ace779dd812b8c572cd42eca6
SHA512 816e5ec3db2821fb56ce9e7dcd4941e6fe57186472d99faa69b61259ea68d95175b83dcf9e20fa5f24b9dd659c288e80e091b1b6cbb16ae1dbfc90c2dfb456e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ccf2332ed2c8c2c31f5621a61164cfd4
SHA1 f423d1cdb9ed661a5904d2b6b3c2e89cb8349420
SHA256 17d9e9bf56d2ad9177b507f166cc9214a547d97d1600a698ea9a73bd576b41e8
SHA512 ba8cd7c645405c650f8ad5bf68fe26f1e98aba416c0e0834478c230b9accc7323e18145626f2b7daad13751383d4ad1a04461483f0050b2cb91b4ecd2243ff7c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 a36fca0f611903c6ee5b4394421b6387
SHA1 e1bc8e2bd6bf56f42d099a70205e49bfee6927cd
SHA256 93cdbceab92c7a3beb887372e6d4feb18b6c45f543eeb3277823cc17da290e6c
SHA512 e6dd20ed8cc371270e852f18b4683615ad855f989d36deba8d4cb2367e9877b7cf1b130f5ee43ae52aa69186d03c0d9f2fbd95af5b7231b659b57b7c141b38ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 363fa6662307e90d284fc1891460adf7
SHA1 8e136fcbed16e0130d03e5add7f69b174e7922b1
SHA256 96881f6c19ef8b1e5f25e3258d9831cfde55e4655c0f2330197e1bab45d91ece
SHA512 1f8ad5bbb04d72433e08b28889867048908f7ec3c94df94040afc53d61813f9f50fc890c09bb8eba8d91b7e7c914e10085e2f4fa8af819496ef070b56c04e811

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7bd63ab26ece0ecd146496c5f93c91ec
SHA1 5d8ba7fd88e0dc18d893ebdbac7c2ff82082989c
SHA256 3712a87e3c07e2b020b7b90bdb5f44cab651f8d94ec4e114be1924244f9c0366
SHA512 eb9de4f7a3fdd24fece387d915fff18b2c2dfb7ae67766eacaa88bc47f4c11d0913bfa85eb0fe2aaee0ccb8a59806287f435aa15e2f62f4d77e1e07135bb5d2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 17f5e0dd6832a46d43727235ae08ab3a
SHA1 5f5224591fefb395f3039b6233226806f49276a1
SHA256 ed7395ce585e562dfa344e85f26c4719188bf17d63ed9369844507ab3d71fe5b
SHA512 7f95b9b1a03fd8c81fc83ee8de384a7e9d9137b6acc5f39b6bb06d3c1d33672e7eea03d56d38f9ed0d7f573168835487a7d9bafd53a39b9ef66e0c9e6ab455d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5812c8.TMP

MD5 d0df0823ea7d1d6e8e8ed98c4af32129
SHA1 20f9ba24658576f714227d8cb1360c098f9704d0
SHA256 3307094195b491754783a15581760ad511d5ff0d0922866d4d01c38fa6c58e3e
SHA512 749ff351bdc7649c9502f6821804cb9a387991201ed4390f4528c08762f160d57936d152d8f1e52504880f6e511e0f55718090dd31ccdeab6bd3f29f232ca57c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a7fb0f3dd6eb47fbfa9a41a7536c041d
SHA1 417c9ff4ff5be5b184a3a18aff4fb1d2b7bea0f3
SHA256 d84355a13e28cda81e00a0ce1db4fbfa38c8e11363792caebd7cc10ff4e3eead
SHA512 209a16d3ae038fbb76436deab795cc47bf79d7c09673fd5fb284998f10f577d8e117dbc873a55b894f4631685a7c60829f43057955a6b585157a3c9594639a64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cb07e7222b4d940c4dc4f17a961414e8
SHA1 57c564ebf28c5a62014aeabcda4f381a4851632e
SHA256 a7323c3ac5f20b28ce22805d94d72e8882017f44044948a1f5b2a8ce9bb318fd
SHA512 521f0bc53cbb102e4ea072e3ed255b2508fa62ba88553111509adbf9157edad3dc66e24423d558e2da168abfbf1f66a53e94aa9b386cad8303c9a8b20a684b1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55913b64c69a9b75171c44682c437733
SHA1 cba06c4d415ba90bde083b22d142f11816b701ba
SHA256 fff16f0501bce6967f591c84ad4e7ae919c312638a40a437ee4cfd19ba08ba22
SHA512 2e667a785e66f876f2d4ff46571ffc7d0d3395388cb2c92ef581e5cda9f08e8f10766c4205580009b2792d82a598f303c18af5b124b1df35e14f7c545c868855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c6cc0b56ba6e451e211684ae461a89c4
SHA1 84f55f3bd9eeee40b500329370bb6c6f2c9b862a
SHA256 2a005e0eb195b124468b3306d6906d1bb8a4bfff79b81a6a30f7850a74eb448b
SHA512 38512b3c4e52dac39a3a8231072569c2b168d4f360cee73310929f5a122a325b2c0203821d7790b487d1b23f028aed4bad709528d628efdf20395e637759e160

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586145.TMP

MD5 25d37d50b27c4e565456654122ae81d6
SHA1 82578409a0b845e9e09ab60d07a526142b676850
SHA256 ca2b87c93c035825a0d519162d58624b1fc0570f50892eb29974be6bb5b19cd6
SHA512 a4bcba042a4048d0b5161cd155833e62b67515b2515d36943ab012350c6cddf869802f1f2e58b77d092f729419d80f02c96787fbf99e9d9cafb7642a548d13bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 927d9588a7736c525af7586a60f0a4ae
SHA1 893b7287fa9960d9e3ded82184608a5f36ee2b9c
SHA256 1092b58da623337b9c87c9adc4d76e8974829673d6e1d64c8e11a51e53a7af09
SHA512 14534495264bce78c72eb935345da7b3d0e9d047401cefd5a02bd4ca588c3c0f8cba630b38393136ff60d3a68c2cb900d8051adddafefc8bdfb64a277c360fe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a94d783e38ecc17d19e251effa10e2c
SHA1 d1e9145b69d4744d21080fc9497d9c0ebac08ed5
SHA256 95f8c2092c1b451f1b6c3f90ea50608428a37d97385f4ae265868ed8cb215d08
SHA512 b4d3e62bc80c26b6008c45415d2287331a925d5f3a3599154eedbc4086124eae8d21f328d08a965cf8df0548aa2f67257d5246fa607926ebfcf9eabffdbefe50

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WM2E80CM\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27913ffa99172949ead0b686a302f8fd
SHA1 89fd7384ec0f08cbdbc63abb270a78015ac1386d
SHA256 a36a8c262d2f05c230293c375a7801d6377ee3c2a87c2935fd0a522379ce286a
SHA512 1bace45d9363d85b7ae255c63cd68642a1525121a30b5b54588bd5106f171032ee3c9b07302ead1912d0545a6dce5cf59a5071cade94674ccb54204dc884a10b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 318782af3f3a3677b29e4f3f51b3dc2f
SHA1 5a55356ceb22f78b997c213db1285c1083a18bb7
SHA256 102893b1080d9e36c0737c45c6d1417094b770ab40a3999a76f420667ebc3315
SHA512 adc81ba818b7a80858e6300179fc96ea5f2161fd748151acf9a1302f22140f9c06f9bc0aac905080e82760bace82ec1e9f9a545e928527f98d4be49b9e852434

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4bfc59fa18d6a79656504cedcc8bcf14
SHA1 9e56f8339862a3f081a6f23591793bda0b5847b7
SHA256 56acffaf9e9e71022c65444cc6403deb3abe5d9ad00dd496315a518e79c88a16
SHA512 5ab49ca68d300a5e9b5166a5c08e774643abcf80addc0321e31c5d3b721ab0ec57522098d286192d2a1bed0fa5c95a7b1f73522f0018583fa0cbaa15fe07ef2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51587844a5675eed893bfae50091877c
SHA1 5cd135fa5037453ddc6aeea75e363833f90b8246
SHA256 64aefad8e0ad20762c3a4263b298df48432dcf3d32997fa09355d51fd8e1dae4
SHA512 897aa5117ddbe7231b52a3d0e1e71ad5d4b4be4bf39b936161bf608f854c5db0ad8d8f2753c5b4a8a82312f49bd8620adddcd60407e88fd11abd1178f4826dca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8e7b8ded9bd0b1927e67dc0c1ee5865f
SHA1 31c6cde68c815841778ae86ae952600694c04334
SHA256 6766a1c9e8ae4117af13363de405561a72e7de06e53cbcfcbc39384374dfc4b7
SHA512 5fcff15d352fcd89b5def1541a4d01437e6a3a2ce2ccafd9d386d361d9245f7c297c66a69e74085271aedac55debe40931b33566455b92acf0655852aee56945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f133a4dc8380a4d00d29711d3cdfc287
SHA1 90993b3ffb329783f5b4c1a119fa7a2b5f14fb1d
SHA256 14db0b70838cf5038f3189c295e5c868fbd63c7587cafc984246db17aabbfed9
SHA512 4a6273d176dd7d96cea14bcab6bd4a9844bd1e507ebf342536fd354d4bcbf350ecc2c70d100b52ec4a23e8eec98e19e25aa60b00355555a409603479e63a2c95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cbfad854aa8105570bc43f310c18601e
SHA1 f3450fc4f49af3046fbb5ca804fb67fc70af72ff
SHA256 1f22a9338c032aea5aab592f304ba287bf4ebce4c45dd863c542cf6e87312608
SHA512 8d54b92c57ec75de0a2a48f636ae6463a91de4a6555da663b1e7beffac303e2f2141fa4a9fe017cee369c6f218b1c5eddd7f3e92e6f50ee2d889842d7475bbbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fc32c2abf4d78928e76d8797979f6195
SHA1 df1f120805835de6d403fb2109775e12792db70e
SHA256 6a4e15f67a2c6d09fbe061ee201d028977c57aad9a2612f8a5af5c6e68dc1420
SHA512 d65df69a15ec1fef6795ce17a29a571324c3cc651b10505228e87fb983626fdf3470124a32e6f7d4d9a551244cd9438f51aee187528ead4993b5b8529975594a