Malware Analysis Report

2024-11-16 15:54

Sample ID 240208-3zhl6sch8z
Target 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
SHA256 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965

Threat Level: Known bad

The file 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 23:56

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 23:56

Reported

2024-02-09 00:02

Platform

win7-20231215-en

Max time kernel

100s

Max time network

290s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80708496ea5ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C04A1A51-C6DD-11EE-84BB-DECE4B73D784} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000c7e6067b938e8266b8a3abbf08a84929b12c6edd8844a41cbd1bbe11ea37dd8e000000000e80000000020000200000001ad2c10d7f3e4a0e41c17d90b55aab733783c06b8c12880413b08a24a6622f1d900000002763fa6db55268a10349c56d9cd9410092eee8b1cdb40d81a85ea0b29fefa6fb841dc80b017bdc6dd5912e3b1c1877f46f1ff2abda56c7570a31944c2b75fe41d155e9b63a0b5a989f682d869ce101f73d8aef6e07c3449372920bbfd6211c0cffd6a2e36bcc1479c8ee24f7882923cdf854e659f12d6009fdf57537b7b60234f2dd462fb5264bd3a5f723866cab633740000000b27fb6e1bbbccba6b841530915767831691d8d6b81bf4d017b222ec0514524e6455c0b921cf581a8e250b024fa06f408e1559029b7259e8a5994e2f355b223c0 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2536 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2480 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2480 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2480 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2480 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2684 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2684 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2684 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2684 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2964 wrote to memory of 1756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2964 wrote to memory of 1756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2964 wrote to memory of 1756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2964 wrote to memory of 1756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2536 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2436 wrote to memory of 1400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2436 wrote to memory of 1400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2436 wrote to memory of 1400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 684 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 684 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 684 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.0.865923258\755310232" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1056 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a280326-df14-4a33-b8ea-61b29cfca6a0} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1300 101d7e58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.1.24840200\940901937" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2214c267-b355-4b01-8217-53dcae19d508} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1520 f3ed958 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1292,i,4638704308453658299,4942516819202718124,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1228,i,12154130985419117985,14394447730456456450,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1228,i,12154130985419117985,14394447730456456450,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1292,i,4638704308453658299,4942516819202718124,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2796 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2820 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.2.1640797600\314114367" -childID 1 -isForBrowser -prefsHandle 1080 -prefMapHandle 1036 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d3e4bf0-831a-4271-a522-bc15032250da} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2260 19b89c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3160 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3140 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1452 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.3.147402164\808321424" -childID 2 -isForBrowser -prefsHandle 2740 -prefMapHandle 2736 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abf06de5-c12c-46b9-9dcc-81a211a48659} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2752 d69b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.5.1112829619\638139844" -childID 4 -isForBrowser -prefsHandle 3368 -prefMapHandle 3572 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f901c1a8-4e2b-455f-94b9-9a2221eee60a} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3664 1d5c7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.4.1725666783\1805446311" -childID 3 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54f0bf27-e554-4eb8-9966-72ef03e78e21} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3504 1d5c4b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.6.1226311272\1806873191" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe8faa8-2864-494c-896f-41515fa95499} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3808 1e418f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.7.733079070\452414919" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4128 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2459a68-aa64-41e8-a183-7d261ffe8d06} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4144 1f959f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.8.1720873589\2009202417" -childID 7 -isForBrowser -prefsHandle 4232 -prefMapHandle 4236 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9462a4d-0002-4e50-9f91-e847bc80b926} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4336 21733458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.9.1828749400\1580431022" -childID 8 -isForBrowser -prefsHandle 4444 -prefMapHandle 4448 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5fa555-0f05-46ef-9d32-a3a5a0fd20af} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4432 21735e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2548 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.10.283171981\494243832" -parentBuildID 20221007134813 -prefsHandle 4280 -prefMapHandle 4284 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c9a874-19b5-4830-9ba6-89126ccde58c} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4288 136d6458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.11.1078438743\1186498466" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f71d79-cf25-4d7b-811a-2c4666ea71aa} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4820 1f8eab58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.12.837916297\1155065343" -childID 9 -isForBrowser -prefsHandle 2488 -prefMapHandle 2484 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 624 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ecbb842-02ee-4a84-aa0c-0d3c13e1c606} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2164 10057a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1296,i,6057238765019840967,14027695401636539886,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 157.240.214.35:443 www.facebook.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
N/A 127.0.0.1:50201 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:50247 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.16.228:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 172.217.12.99:443 beacons2.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 172.217.12.99:443 beacons2.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp

Files

memory/2536-0-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C04A4161-C6DD-11EE-84BB-DECE4B73D784}.dat

MD5 5a91e76f01d2624a3b4dc3908f9e1c04
SHA1 6e9c02e815c9066e36cbf983a8e8c9b89371f4fb
SHA256 89ae47b69c8b93e6b002a1b49f0204addb4c9aee331eb79efac0e61c15cc7167
SHA512 dd7300d88b285fc682b8c9e6effcab7032783e2c844f33c7eb9b0f02884b17ee72303c5370606058250147a5c00c5878896667029084455ff8b0b981b6867548

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C04EDD11-C6DD-11EE-84BB-DECE4B73D784}.dat

MD5 0051d214590d5bdef59f0945ca2a739e
SHA1 062ab1dbb7d7d81cf7d10e2eb959ee52cbf6c3b2
SHA256 58cd3e7fa2311569ed06be1a71d15edc23f4e90aeb09f3a3584f846543f01d79
SHA512 a828d6e00d0d0388913dc888564735cd439c90637bb03479277a139536829469e912f69ff8c057c4ac205b91de6ae192317ccc6e80f0b7692e7c2edbb98c22c9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C047B8F1-C6DD-11EE-84BB-DECE4B73D784}.dat

MD5 9ef57751d5610aed28924ebfdd02a0eb
SHA1 6813f474e828666ea3fd0871a48a339335fef142
SHA256 55287115dae57addf4358d445afa7d2aaa4427f37a0cc0829d694c220758acc4
SHA512 be3245a1bbb63f30e0102810d05d04fd01a9c1c79fb42fa88f31a4a2779ae9b1edce9488e862ac55a7392a94aa52365cf12ae81af4e6f5d4903cf1f5b0bbe998

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C04EDD11-C6DD-11EE-84BB-DECE4B73D784}.dat

MD5 01ca8dde2a5779f5c7320c864aa434d3
SHA1 b3bc212d96b94518ee15c31a291c0c2a2d76f90f
SHA256 23bbf85e039454962abaa039e76b5c24a03739cf75c0848de478161dc8bb38a7
SHA512 c87068c30174da4396d7054b3c8872ad6dd7cb295b89f054c397076267dc8fbef91ec0c9f459c567e1ccb31c6819b5665443e995be32f264c451f0c53d4a26ac

C:\Users\Admin\AppData\Local\Temp\Tar62DB.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab62C8.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b788c6f4726f02e1ea7af8d747419c5
SHA1 856b265124d34ac2376f1c4b8c99184606f35df8
SHA256 e8a2a257fda693e628123d08bdb27303d44a5030a442da40abdd32737d803838
SHA512 23e7d3a880708bfa20c08c6806e82d9a35bc1f7ff5072609d4021861b82190b52b32098f2a48d4af2410d26f01da0418d36c3f2f9bfc662d2e01812cd9ab5e6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 72dc5d49ba61611dbca5b75dcc810293
SHA1 acb08bf1e306289f3db4bc2d01e210bafaebb6ee
SHA256 4f9ec262bad3883af897389525a840cdf479acf59fee9fca5fe9ac7c270ed3f2
SHA512 e58588f797626ecde32d9d09a78cd4714dd9f22cce68b4482566760bd21984f95f099158358a30dc14a888e9aca2c7174cb344e6a2aff9a6fd0bd31446d1c7f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 eb3caa7c0f002dd263609576ce24904c
SHA1 dc5e565d74fa30dfc06d05bad188b5a9e66f46c1
SHA256 5084b9418a607086ce21ccf240aa545c75b5963144c54a71b1a3cc39dfee581d
SHA512 1060ec80e1c6b064c8b17b3051d5c97c4a4cf0293a1c9d4ea562bd32370bfe15b618a581ca146b0e9f17be182d9f3a1521383ed07ab8940afbd59cf0c5ba56c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f114a067dd79bd07a5b21b6d2233a2d6
SHA1 fe2bb2ae5cd22de93ec94aa297596a5291bdf58e
SHA256 66b8e73e24317d370719a63a7b0c4e533078baa3c750b1cabafca83e5db35ff0
SHA512 d52d835d017194095a6fe3efeab43681042f889c5809017eddaf8534baf4879065dffd939ac1618dd44e21abd200cc1ccef0fa71b352d409080004b854bd3c35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db3181840757b557275b1547b31eb3b5
SHA1 40fec051f195487ffedd583a9cc13a9aaca5b5eb
SHA256 6d56c9a1cfafdb9df9381274eb0a91816398286e2b0346cbbe906a117ba600d3
SHA512 9e4e34a9cce8efb11ee7c38dca1616e60716c651c441beffd310d1671921ada7789708072b2028590c313dfb9493221a91afc15027f6658b9ebf234adda950f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee716d0d49a1f6116b4bd41ef28674f3
SHA1 ba1181992ad3f1094ab2fd9ae453cbdc2b22a2f2
SHA256 3d9b9745fc5b537d1a03d9a0033ad0e350aadef9b2fa8ad116d06bb59fd7d03d
SHA512 fa9c1b69e93a0d80f53522f471afb3b210e8d73e90cbd7b23c2f2f5ab2d92f387f781f18e6a011c7e8e50632834ef076672d04e697d74ab4ad523f075954e1ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09700f65c7f5d64335d3e115d022115a
SHA1 6ade6aff88f7985f1c29836d3e514325b436e109
SHA256 e25fa7a1c312b2d31b830ef8f887a9717891aab9141f1a260822a75319a2e428
SHA512 63ba85d3bfd1367054985f2032e1afd6fb7a49b1081385fc0344c3f5e3d097c5465eb0495badfd493e41425b586a2ce2de62a283b4d7afbeb10ea5c828795ab2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 0c7e56f33b473188f591ae8412012f35
SHA1 77d0b33656be9d893ede7df1e73cc2f021162fed
SHA256 a8987b1457e32df7a2ec0bf4ea9eddaa41f4096708fac3efc1d68943d67f6793
SHA512 e15b07c986799b93067941aafa9d5aed76fdd26c9df1f2cb4b28717712eda53203d9b3cc11c073611f3002eb2c51a500421f89207a9eec86626b72757b15f26d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 1694d8839701d9c2fd7e94073694d31b
SHA1 2b52cdb782469fe31d5a6ab7dfd41b73a3bbf7f5
SHA256 ccc13dc7a237b8bbcbe7bc2f348733f7741cb4778528150ebc5684a8d0014aa8
SHA512 ae12836b61f0732ff021485e966ee552eaa5f5da48a4ef186f0a10201d3eb94228a3f90c92aba440fa53501c93cac484c5244bf0cca22c20d343c5d6d63df027

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

MD5 7ee9f952ba2a7f45370d07b5cc859d38
SHA1 c12831b797d51317932379007df200c534d2fbe6
SHA256 fcc12245b6ba737f47af707b632adb782a059cd7c10381bb7d1f4ed467edd746
SHA512 a3e4e1982b5d84b1959493a9de31fd13f391ec4f06612a160a6f7ddeca374d6ec8d92f6b4c5892d66a65990061c8674bb1e50f418a537a150c2db75980c030a4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

MD5 560149879900d11709907ff2bf30f900
SHA1 ba0fdabf560ea7357722d673771ce6eb49d7124a
SHA256 ec96a752ccfd5cf8bbb0d1aa566a1fef573ceb431cc3f75ab713a9532763cdb8
SHA512 aae84f17d2a30f492f120c511b6a337a986c401be2459f422c38eff270854769d19a534774f80f1cd47f0eb16c45489807961588314e47284bce7c5d48f0aac7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

MD5 4c6d560acbcd00d29edc098ef4530991
SHA1 0537d0ae80f18ba5e3e02a44fc96cb6fce988045
SHA256 fe251e7cbec5f39fac2c7020493971b2ddc287abb1556bb7805ff0c96ebd1130
SHA512 09bfe3f77bb12918b97021ba33d38e91ae0ace09eea8df39d1cc4e6ce5a39328d30a3c4fed0f1a15f89642c6a2911127385b26b0dff0eefd01065be2de4539e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\favicon[1].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NCUSZX45\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SX9LPKWW.txt

MD5 abde6cf31c1ea47d59fdb30b6f1f3458
SHA1 1f4e03757ff5c610eea3ed4622e133ebed775c78
SHA256 f937a73bd21936587c37e7c94594c654d5bc3debe841329d557cc38f65588274
SHA512 e0c57c856f395a2e95beb11cbddcd07e50399ea19439dad79956b8099c8fe60794974b8b901dda4e32e9b3c66032ed75726bafb805b74fc834337c539596422c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 93e97367f54f15a4f8ff5e08850d73c2
SHA1 f30954e2330c537e7a0286148952174b3a865566
SHA256 68a80c6738fadd51c8319ce4944000c8790b491c3d97630d4c78aa6a5d78368c
SHA512 62378c8deee6cb31b0085fb1ffb796340807efe1210267a4ae077af18df08d7183413ed3ee80e863b6f33ad323792949862212c8ad8a185a05c93273a462d197

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

MD5 9cddf598e6409bac7960771d8a9156ea
SHA1 32db1a6b83fec1e0f00461a5a8b54126e1599b1f
SHA256 d3b3aa38f8365a69b10d95f8ae00f1cb89bd40d89e745714f4499764ba804e12
SHA512 5ef6f528f76d4b283dd65be89bce6603bc70d71c7d19e558b1bea80a45b440722018d6c3261822d05abceac96b196ab58913063c93606f217965b481a374cd54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 443f4660b4a18bba495cebe8b6aeacd1
SHA1 55971fb662cda1ec370946c58c5d3cf31b0659ca
SHA256 ab65c2fc36c1b205eeedabfddc3bba83b4a27b5f7403c9d428d39e249d8c3d45
SHA512 59db1d2a9b94612f61d95ffed44928c75114b45600dcb2b5637e73be0dd3c8717e41cd8b606d25a4fc414054dcc3d467ef183bb0e740b7016535beb0f4bb84be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f61026cd260e65d13666ad4fc87ff4c
SHA1 8d786352897b879e41a8c37df44410873c50495e
SHA256 c5a128e28ff6487cdf4255459c50a35e3db9e646a5dac45cd60ebc55e3b4b5ca
SHA512 05650c5c66cf9dd99f76aade77aed5aa9600f1a23afd0cebb343e91456dafe5af5d09d9dc66b4e25237ddaf6b50317549fc1822f7b0b7f02611bcc0a12c07770

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c74de4e221b818073c88d66b8dd58176
SHA1 10f87ba7cb1dd88e08c3d22fe9c81e70dea059bc
SHA256 a04374a341aaac06491d4d6c24c1517a3825a5d0d009e7430e77dfe39575c4ef
SHA512 70fb0d1a770edccc96829c787d1a3748e5fb3190be36b187ee5820d574ef3d296821bfdbb84164b3569e1826cf72cb465001fef8ed40c9d1ef12dbfa26ffaac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 023a97dfeb4dc8d178c7ac539c93a706
SHA1 d37b9ea0396965af09fd26e4bd8d97f70d74b8a7
SHA256 545fa04d8bd9854eca420a6be3f413cf7082c8783bae04277fe27476a0fa0e65
SHA512 8504777b12dbfd258d2ef39d54c33636c6e1d2adb010054c45be764e0a478f51e8eb44ca2612c161c412b1e7c5e8e9bd44d074f7aee0d37ec8814e65ff07a4c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd8ce4a8823526e8138c3447f4e09fd4
SHA1 fbc302d5c4fa1b031ae3731b98d24e8e83ffe3e5
SHA256 a840174a753b2f4b6214bdb5d49052e781bb3a8126fbc2b06701301e3f3702f1
SHA512 b7299fb237d39059917d23ca4727f9e3dc8353ad2abd55de1e0f8240e8aa912519f234ab2b521e7ccafe5cc1a77e3448ec98485209887ce3c0b0167ef9102675

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0b82333ff69b5e3af6a64edb3f7c440
SHA1 223587cf997ebec50c17846bec56148a26d61d7c
SHA256 a50a9839d5507db0e8eec166c0115178b454098f92dd1d8d5168719f3b53d69e
SHA512 3ca99ae6599b0e3b1d8c49c268fbcf10018b9a7c9e8bff54a10a2669cf96320d915ff9cd620d52ae8eefe4cfe3e9ed632fde53376b37cbb7f12e8b453dcb97d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7aa424cbb2638bb6cef12cb86a01cc8
SHA1 6e4908618298d77f565b4844e463771dd65ac21d
SHA256 26d524dc2881156868940131ace048d4713a2d1487aa731827dde28d8be5d0ba
SHA512 36af068317c91619ff87c7ba6b63ef28dd27b5333f4bcbeb9556a94fc4c0042edc844d642edbba1fccd5c0af3d788a27a6797c7302d0a02338bbc6f0fcbd3184

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 327d340a8ab832daa5b6db2ed695457b
SHA1 09029e90940881cb00773367d83f6f9261547a49
SHA256 b8349defb14d96e8eaaaaa447ca4621edcb9c9e966387f2c4486989e6eb196bb
SHA512 a7fc25c543e56a8ba17103d28a1b5a32e5bffea25f5ba3b994e522c60eaf172eaa100ae2d7c9a6fe30d570db6d1977429c29ff360809d2ab819a4cf72fc0579a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc39a2ce5227d1d39773bc63f1df4043
SHA1 d99e7a0e909f60c8b93d1b09fdd247b7033dc686
SHA256 78266751eb85941227530bc8a9641a487c14476a49ebda3d497525890e416e19
SHA512 6c46134e2388ec03b7a8ab305e22d458e38ab85e90ec4f30fb6e654815cf575d8f70a16d42c0f80817c0a942ba86e283c39609281ab18cdd1c9f88cac8f2e47a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c2c97f67a3a5f92d3a9c84a6f283629
SHA1 396d37cc0a90038a77cec9aadbee47703046ad14
SHA256 ed74310297d5d9f0741046b48b2b4203519893cdb980013f2c70465530c735c9
SHA512 d57fb4ca6940e57356385bd987be708e0d538758d69031818c59b4c0e2a43bdbee89d55fda9ee7378d6638e4c8275c0ceb39420ae17512e8be01a0b39ff266f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bcfaac884316bb18ad7ddbdd43dc6a1
SHA1 e75b52147c91b093bc009b5cd080b526648b53cd
SHA256 af1409f0811be4d3b4457b8aa636e945496a558cde8d4ae379f12f3157a6a2a9
SHA512 700c198d77559d2033ec1249c607eaec36963488421d39e1a913c146244ee3ab03d8a839f4cccd1bd9577ddcd1f6776005fc4750dad909723f3239df19396343

memory/2536-902-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 11b9ef326a4851ce75c5768187b8d574
SHA1 ebec9cc2871219a70441db5dbab6d6c1e73b70fe
SHA256 92e236809af52434ee84e9dd0494b4748b40d3b6729a76c9f5d456dee9e6c7bc
SHA512 0e8f39bcb557a7ab92db8e26c3d913f722ca84d2e7ba6bee706eb3aa21ae86a924e6abf529a62b6f7dd7104bcfdade25fe7b364d138fb2da60e71399eb79304c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_684_VBGCVVDDRZCPGIDZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d77f4ff1-b7b7-471d-ac4e-8575b6dbdc82.tmp

MD5 8ac575ef163ea398938b37ec152087c7
SHA1 81da2d1a3999807277b944ce715248cde75bd3d9
SHA256 d7bd360f98740917e9a44d3a762a22e86feb05319977ff9335f04e9cefc638df
SHA512 68c78457e0f6b4b4cc9ffcf950754102e07c26c13e85aeda774239a2f80b9ecbb336297e2059fc18d685b2750e520d25e171acceb2daf1782f75f4cf7fb19d2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e9eb6407-b5a0-4e7f-b6df-1fdb4fe985ef.tmp

MD5 a870bed709050b55ae69ad87a5fd5f39
SHA1 edcfed7b31f0c95d1c4c12da25f6a2e61fa2ed36
SHA256 15857726dfbbf8bfaae9cd918fd859330719be8c55f7bf0e6fb36b82e3ccd004
SHA512 04c5807bdde347339c3b0db307e671156c7797fc0e4de85b90f90d2b4b82683891970b01536b5230982f65d0c63e4a4ca95c7584698f7909a24913f313f15f0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 3e7b3d2054427ef2a966ac6af9b6e611
SHA1 5145ebc9c820e65603401e6bc928f3152cb33da6
SHA256 c8abb1773a3587509a3fbb123e786385a4b6ea7851968758570bf8e2da61928c
SHA512 3a5a5769628483b49d2195f57ae65b7ce0ece1a51805efab237f553f449778a60e23a2dcfd411a74680ccfe35e3816009e47794e2d8aba8d593bdb77eadc6729

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 4fe528b43e2d27f36bc50ded690f5b2e
SHA1 59155bb5c6c577fb2f27b13a95cb20b9ffcaab99
SHA256 7e53950ab4514aa82fcb32737106f0d865a12ac1dc39fd5fcd721df9652d76cc
SHA512 ab5ad6db3f1c91ee584cfb65aada4528076702baa79a6d88290240d5e46849fc847097be869d26ea71e5a5ae452eb757c0dd9ad74f44388557b050e9ba165a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 401b26033d643e6a82d094df6b449c0a
SHA1 ccd9defb2ba41a5d88bd6271089480758c84d3f9
SHA256 93766c5aeec337f8a8c910974a7c6a3ad39bb7bdee7eb6c40d840968037cd9bc
SHA512 39857c58109e7846f0798b1dfeeedd229805226aaf736b3ce1ff4c85e6f51e96871de5dd30a0a0ef4487a48975e10ea1420e8fa19eff61a1e32abf65f3046ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 597a9ccdd19cc59d5bd207c69bc32837
SHA1 ff52bd5a09cf0734d917c9ae959cd3bbba876db2
SHA256 024f7511225f0f94c3f4eb54dd5518befdfacf2ad1be7d8ccb791b6153dd2e0b
SHA512 7177e98a0e5e6320770db2a9c7a621f4079dd8dcd1fe7e9914a8ad8189420560ba9be68faa40cc68046f2930fae6e782051b0b0c277aee4383bd23bb8fc33870

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 1eeb46d7378b08473f6c5c1a9701fa2f
SHA1 f61424645c5324df9e352c9f39655fb81ece4ed7
SHA256 8167bdbfe66ef9da5c44191efdf78ac9217e8811c970253d6d0197fcd91626e2
SHA512 24ea1170bc926248c871fd4bd6ce81b9f9419e7d111ed21135a91a22cf70dc814df32e0cc45497ac1d55ac9d217e5dd86c9cb2fff75abcf3af5aee63511fc592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 aaa210cdb3c76bd9d8a324f22fe55d7d
SHA1 3c1827bb42719c0e7d98ae32cf1ca0c48cb6f8c4
SHA256 cf3d15b868001eec073720c83ae20cb12fa71177a10fe3493a07b7bdfb19e1d3
SHA512 c93eb43e97c7c069c52915bfeb46888962919c4fd78e6d859ec7a6d912a9107876626d2245d27ead1f9c81db0fc0d6b7ec52276fe86b11b0ba451176bc26201c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 73c7a90aedc2293a5f9b7352e0081314
SHA1 3e492ae626188ce0a05b8be6a46732a1727042af
SHA256 90bf709f815f1a18c10234bc72930fb8b06cbe9cb34c3c100c06456630315221
SHA512 0a66cda0a709d9b988e37d190f25276073649b326f272ef127f84e7121c223f6b69038e497989b458b47a8ab0afa3abad898930392decfb5e1ee8afdc3d246e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\db\data.safe.bin

MD5 f96a13d16fbd75f8e4ce725d2437c413
SHA1 7376d23538b93ed6b0fd1e163831e6150edbc833
SHA256 6084fd6ac3236d73010221b0f5b58d4602cb25f83848c8bc75efd8acd1cd0bc5
SHA512 742b66362b01521a6b93969d0891fc003a15bc202f684d072f96df7806c282289393bba0fd5e5dd6986d63cda56cd97c7464d55d6c4aa5a1b4d10912f19fa2a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\b7200994-347d-41f9-a89c-b55aadde4cd8

MD5 cc8266611cc18e98f3d948b81cb03882
SHA1 62e1a72353d1935fad912592401a3ef7a85804ab
SHA256 c9f26e3ef0ac050ddd11d2914c7cc9f2fe362310a4750774bf13eb1abe22582f
SHA512 1355aa3a7ddc3414736fec981415fabe3ea2df36d759c467919d1eeed70570f51b010d15df7db4a4e6b7305136cc00a8ce92edfb82dc9460006c0f3c360184c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\b67f2ff8-f109-4997-b962-fdf9aefdec35

MD5 3fb63e78e58eb12aed5c9dd4636cca90
SHA1 bcb4a7d168eeb7b17747923a317cb68a9e5aacf5
SHA256 31fe4bac6ad39f33c523f1925be52c04bcdd40a9da19524f537c33277429cb92
SHA512 7821ddb5ccf9ff85ee81ebc7a5bfc17e9a74872495e0427c8b503192a45c6526ab9f29ff514bc6fee6bea8156a2ccdcac9e50cd20e767d70d70767157e94f988

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f4e971eefa65132f3c5e14e57e4a929a
SHA1 7b683a48f5c63f7fa1ff6796546ed265908a6e2d
SHA256 7ebbc876d230fc035dfd5cd2337e68d8a7a99dadc527d27a3ac2d1bb7e83f95f
SHA512 59e12089ee6d422d74588db881d4a0b7e83216f799ab5753068e2ccab036322555e014082f2bae858cd6efd2fb3329bce5d3012288d5a98c36803c3611ff4568

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f93c547fcb5780b4e8f6f62f59b34052
SHA1 fc9add3370ec8171c163067bf7767f8bab89fbbe
SHA256 43f391cdcc7f4fbd14ea83c593caa033dd240bab3dce2e3dc605bbf95544e260
SHA512 d1f6f824e11b2491243b76424913cab53dcd61ee4fabc56f81df8426cecd629e628ac766b363530049cf74080c7a13d021a330f92db4a7b758e531feed1f0290

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 d7f8e56533f37f3c405bdadb4fff5c96
SHA1 f62267ea88d859964026d169fc7ea807a8130314
SHA256 14a4481c933e502b41b8adbfb1f82ff2fe52137e9888bafda265fda39e7a98a5
SHA512 d454e392de003fde92d036d6da172e344d9e5cd5f2e967d80602eac9e071187bfb31850e51e8dc80bc72e95011723b3e7f5e5ea37f07d71265d207d625421292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\36\{6da2b0e7-51f6-43f8-9a0a-6d20a83bc424}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\idb\1884051443yCt7-%iCt7-%rcees7pbo.sqlite

MD5 9379597b79eb24f6cd4497e12d9f31ab
SHA1 cb6e5a4de3893240ca8db1d5036737f08ed318f0
SHA256 a8103b66007ef9524178487dd934a33f76627f634af81373d9fe8c677f002dea
SHA512 54d2746387d8242838a0b67fce4a3ed74674e2c295f1b701e2e5a4a0e0bdef8379fb69d982332ab87432524e54252b5c83d1699696ee8c1356e11565890d7d49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76f48c.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ecc327662fd905e409cd1c8800bbcb83
SHA1 f2955effcd99d57f383fdf2cb1a023809538833b
SHA256 58d8430fbaca1ab8171f54e9774a4331430af877420d26288b8f5919177a9d43
SHA512 8b260c011ab9983eadaa939ea47b07b4e4dbb7e3b0807e7bca5c273e24e004e833bd5c001fe861d605b5427732ae62cdddab943853969c4cbdd27a13f658ddb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1e7b7f6151f7fb1a62b7e5d5b4ea4fa5
SHA1 989cd5190507238df0d60a79a0cccc5de5ee8fe4
SHA256 4a8ed26c6355a939b2b3014f1ca2bc9d716db94633f643c73c046af6daaaa75f
SHA512 fe544c79263ba8fa86fdde659de5e30cdb3303dd83d0be4b650ce49a46b7e8b34c7cccbc58fb4650b8fc4af95d6c7232b9b9f3ad0aa2cd0f820283a27e4d66a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3604db40138f89f8a0b5a1ea5ae9da51
SHA1 3bd2e117ebe584e2c39f402ffa6d8563a984a5e9
SHA256 4e2a20eb0e3619c4de3197722d2fc5489cf6487ce60a9c844589dc80fd7a3140
SHA512 e45b381b48c7482a13ee347204dd4dd866c63cdd652eadf8c9a9bdc1a3a4267d053562c305cfd1c0524a3bef4f5500a1fcf26b710598f4fa7c794b3b1d45e3b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 0c0bdf248932dfd62285a90cd7d2898c
SHA1 488a81c6059b1167e956d466455d3063a4b203f4
SHA256 6e9bbca94e6115d881b32edd34f2c80c8e543481aa73f9fe1b703671948e4316
SHA512 8f00f5b22e2d2bca351a67067115f8b99d8e51d5146495e6a9084f18af7c2af6fbe04c83001a5bc63fb04451c9cde0a070b5778b08f79fd7508e30e874feb8df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\184\{e901d4d9-2aa6-4173-a042-ae17bc2c92b8}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\227\{bdef4fab-401c-4424-b20f-8d0c53c5cae3}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\default\https+++www.youtube.com\cache\morgue\52\{59dcdc8f-9e71-445d-9e34-f496eff60934}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\684807cb-4708-4360-90f3-fea458d5a2bc.tmp

MD5 6df628e486c7387a958ff8a4503f0e04
SHA1 e11082c50eeaee7ffa640fba546ca49d65912e2d
SHA256 2acb9564c9c6635bde23326b1e1a216c71fda8a651dc6ed2be2601ad87105a27
SHA512 a3ae8721500cf28065618c90cd987b24dc80e48e5882e02425fb2fb540d02d45f8cbb60ccacda964a6df36796cb132b13668154817aab9ebfd47d57e67897eb2

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\prefs-1.js

MD5 906ebcda9b2cf1bd4bb6532df30995d4
SHA1 6d51fa5235c15fd06773be6656d39954e04f4a3c
SHA256 0ab8be320baf1b8ae7a497978cf6118caa17e81f26498a5eb7e27d702b851c26
SHA512 ec7b4d997781026582e83e715ddb686cf21d38977eb917ac103ad36f8d3d619df368f630d4fc763aaa5d4a6fe4c5e1f533d755e1e5466a9d73a0bbd5bda6ce78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 b3a5fdc968d9887708c5915155946063
SHA1 3b5e7bad610f803eee193d30ece5fa933a97f96b
SHA256 f8adf2a3fdd9250ecd36146c4c19b706ea6ae6e73fa47a1bff83f16b157105ef
SHA512 3f7a8bc2daa6fe58ff02a16691d304bed9f5adbabd070f1c925de3fd2937a3cdc05d9d8bc63912f85467f4e3165abf2e12cdd1c9c88c8f5be25979b64e5351e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 b566d3a0eda240b98f01adb781f92020
SHA1 142a0bbbf4e1699930640b9332fcdcd9840d0126
SHA256 9b8139c209f53692861d38a92bdaed93e7ddd560b0500bbc9ad1188afb7c883f
SHA512 4d23fdd0e6b9b4f53a94cc700028f17d110e466152d175892056688db243c0f5ca82183918ead5989a479748d014d9f460ca182af56949f5cfafa8d03dbaa6ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e9d3db63b01200515a3b7413f17db80c
SHA1 8e298e9533061cc08831c9ee586f536e5d174f6e
SHA256 4957a0e9699f68a2ec0c31d102cda34c08e42b5cc2e953bbef0e674f5c7a01b9
SHA512 f36041cbdbee073b5d871554333ca86bc794626c00f126ec861c41a36e3ea3e4ffcafbf77539e9c5b3bf5ef367a26c0b87a53abfe78145dfd91fc5cccc221eca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 632fe7c39243d2d4b81f4e7907a643f3
SHA1 69703758b8903dee5e45aed88970b7bd6de1961e
SHA256 22b8781e57ee9ea43c6dd78ec6ccf4708e6ceeb435045bc7e275fc43d32c7fc6
SHA512 6d3847b8f4b9e8dcc73d5333e5154b2d92c51a999c5f8e42a99fdefdc5c5c55739c8bfbd2514f0c0f80b4e3b5b7c6b4ce4249bc6a3a6ed2a0cc8e6d9dff7840d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 aa29a2a01b0174d8a1e8143cb34f9cfa
SHA1 203cf415a7f84c4e4bf1f1393b148c942ed70f5d
SHA256 f94f6edc3381f48bccd3cf7d4363a96956829953953ad3e9820d1b6e80507a15
SHA512 806d0d63a0a9cdde564159f680e7f92038221ce3a715d42d2d2b1030ac2d65d4e2a6eff470904d5bdca0760289c13a2b700e51d2e941ec8334618525fdf511ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b0fd1c95dc731c15a1e72373b18e4cc
SHA1 08e5c4f19d3952e99651bd2459f26e98fbcfe0c3
SHA256 42290e66ab39a0985e6e1c823052a2eb4de9cb6120cb8776a8d7a7096c8d3d49
SHA512 522d431b66408f9386a5bcd30e3124769a15a64e63e28e9c49e3883b8ac9b64be1dd33eca34da021a8f46026a7721c54e920bc9f22442498ea1664909d1098ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13b0cc968fdb93cbcd42f4ed2425545d
SHA1 a9832baf2e3da817926503f38f6e385eac956fb0
SHA256 05a97dd887e245b957f8c89c36bd4b2349e72fae27220e37bc5b752117306635
SHA512 d86961904d6354045feb86a2377a11b7944db39f1446a23aeaaea5731e92ca1b4d07e2a685edff31e6d58b6485cda54eff2b5d246824734f9175f0eba8fc5246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 591af7a5aa94e82a75bb13bd4b5f2413
SHA1 89590c152e8602590582f88169e3425638a94ac8
SHA256 f9654acedecb52c026a34f789c07cd7a9774b793a411bc73b030c32cf5202b67
SHA512 7e5983bd3a7771b444afe1e779c32693be6d41833a3b1d5d5752d7bb975eab1de74db8e50b02d19f7be5dee9e6371ced3ca897c4c71bc1e213cc37129e75b6b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c65e19771b7fdb69bcdbadd03f539b5
SHA1 d885d68e8e35f6bb800c433bcff4632c28ab4b5d
SHA256 7bb577a6d2304675b2389e74545d4166caa02129521ff3fb84ffe3d06dd41b4a
SHA512 df67b337c600eb11bf2d549029afa41e44b12d41f29f943618e30f0cb00b017862588919e487e1564abe9faea76879b0d5a39f959f069eeb0f4725e4430c9c6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31390d4da8bace208d03ef04bff06ac1
SHA1 e6c3ac7342a3a552b4fc088ba412248319fee521
SHA256 a5447486d6e53fa974a35777c1bbb99181c870d0008963bc9197612f107c906e
SHA512 e8141d20c5fa058bb7c81f28d341fcee586712b9993aaece7376a388e33f59cfa98610451ca7c27435e9270243e60762da241305c83724f7a70fe5ddd377b991

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f84b8312048bb6aef6beacc458e19b8
SHA1 fc77e6ebceb08c53bfff40fc2dab3b0923c005b8
SHA256 e76c09e392bcfe65535c34ebd641edeba0db03ff3c711e2adffa8f3d3aa871e3
SHA512 545cc2ae080cd51d5998291fe26e3c241c2d2870d2749b13e3e09bfbbebba97977fa2f3cf45e004aafd3dff3d5ae821fd8e603cff7f5f2fe3e183e9f64224479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 69cf41077f20745566f32626b3cb9ab1
SHA1 41e8a9333b0942b8ed045ba597165e627dedcba5
SHA256 ad6dfcf626f1011f489abde1f6550ad79a191e5de48f3323b13687d5ff8187ce
SHA512 4a82a1c5e2dbe9cc3d2b1aa10174485e41db3854020fdf996367286163a2da43730bd2537bae7f399418bf2e69ef524c9d2227b65faf305707c0b3f881fd3a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1f8148f86dc53dc9ba8481caec5b3f5
SHA1 ea55811ba249fca4a0ef0c7c71e0946a3e884202
SHA256 265eaa6fa170491a298acff882730cc57807cb633af9da139a9c56196e3ce41d
SHA512 98c3653e38f8930097089d91652534c37ba72a7665004628faafed220bc18f77c05507b59eb523e55612a7e5f06f1e701ac504df7ed5ec7d6334bf76ab866b01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74377f9b089a19ec5c5f31ec5b9555b0
SHA1 b45d717e337e3016bd59378f2ef1a40ea11ed4c8
SHA256 8b810d2293557ea8028974595ebf3b5d175f3ebe0b5e9c1fe2e59559d6156e85
SHA512 470c425d679cd8ba5c7d5e9c8fb0609adf90e2e60b7ca0bade6a5b4d4824e9cf1f8c505093774c99c07c180b296fd0e22d64a9d62e666523b5d12834f58a103c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ba2ec0375a5872b7b5ce49c54b80b30
SHA1 8f2d4ecc990981500e1897bcc41a9ba116af4e0d
SHA256 d2d7d98c8187d5269d77bb1e042e52181e099a383982eb40a08f5d211fe6c9c9
SHA512 468449d2501109a4abdbc8156b6c9af129585400e71ce659eb1a5b987f7df79baf3a266b4c0e81392a836c36fe89fba3954dde1ad8890a1e1794b3b56416e23d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f4f3bca06c05fe15c0d0a0353f6db82
SHA1 eba01fe0629adaf24f6ac9544d9702c4c1304562
SHA256 713c3bd420c705d60d2e264fa31ace23ebff6e6079231009b1463779b435cea0
SHA512 dc8de1a927050986f02f46330b20d984d628ef05425dc8455485e48acdb557ffd6ebd96d699a8536d5f4f008e158a7eee5c28f936f4ac3db71066c682cc4da0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e9041d3a1f5fe1b54a1088ed2117d171
SHA1 d935a661dde63142091492212925e3a16e5908b8
SHA256 bf1a3795bfccdf3d5a4cf314701321bc31d5b4e1a096454862c5b1e935dae941
SHA512 fc29b8b2ca26b23699bd6e14365f4fbbde95009ddb91642db0afbca1507ae91b19adaedbbdac195c767afff9bcfb6861bdcba8a4c4e647ba2fa261ef1b05bd55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 994c50a8a5d9689c644f69224c522d91
SHA1 455abdf74225c359935cb756b488cdd3e15b105f
SHA256 c9a0915b2394fba7d437c2e748c9265459a1b6ec0991a354fb854828bc407723
SHA512 26d0ce83ededbb5c1061fa2e4b6f3ea640257b2e04bfe6f89e8433b56dbfba531a3e8c1aea204c7c94473c97dc9769f70ca997886337c9c0dd733b57bfed750e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7fda45f1f4805bee0ab2db53029e697b
SHA1 691b9a823138ab9f27e2126a52ee600a854d6ade
SHA256 16113131c5912cc4c512f30de1aac5de3736fb736fbc38a235ec9e12bd310645
SHA512 0a7928fa78180eaee571833b584f345b97e9a58577e47b827e1995c7d1d7cbc2c4e70db8a6cf2e4aff434adfbefb18c48694218a80c719a98e82e6c9157d34fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3013ddfcdd04f3aac2de5728e8e53b05
SHA1 50dca46e62818c1a52349f573289f455479d8f7f
SHA256 03c7e9018eea4db294e181ae72bf5a0043b48444153806a3fa190ce1fe8426a3
SHA512 0b401ce663a1b0365cf72cedab5c327ff4368b44f6e40e1a0d9a20c04942ca0d14131d7b07c4e3d2e7393a11c9c71e210cf8e0c6bbbfeb896d86e7b3738da05b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a2db16575408d0e2f946cd2c88a5057
SHA1 a2ab47aae278a480b2483d193a806944061bf63b
SHA256 1b4ba5c975e6adbc8f0b3b9fdd5531a3f5cfae8d65698ae4c921b6e5c2a3c27a
SHA512 a3b2db788fb55ae28d78c73414318ad58ca7f611dbc30ba3144d643e7993e3ae30a975c73aee5ab457fa41505c9bb6cc58dcaf3bae1c5a621e0cb87472e082ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9c2d23080a982bf813da9dd607b54cf5
SHA1 7d4e94d87f888d9a90aa7748824482333668c4fb
SHA256 af3de7e96b59afe88ec48f5324d227550c12d1ce5ccbe5f7c67844926f9a7e91
SHA512 80ec51b639e3e812159ab3189b1f9593aebdb48347ccb454f33d204019376d1674f7487fcb712015ac9765b2b7ea08c11de648bc0e33eb9ebe21b5b1f28f3a21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3811a685187dd664cfd2f68aa89803f4
SHA1 578c10602f51cb2e00b3b931304a20491e918795
SHA256 b5f861c54ddc25070ed8f74da112500a01ac11c5790673addfc1ba3e4684007e
SHA512 424299634e75d2182541d6172869d14bf611d47aebaed92b3ba20a08e19e9df270402707a33ed8a446a4c66ccb72d3b03a8262fdda8484f72332a3a0a81b2df9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 90ed9a87065c769f9e1dd60deff8f741
SHA1 dbe8a16b56e8b4233198d9636bb4a1254984ae04
SHA256 d89d859682e237ef8c936ec449fa3cccf7e8bc4a831e02ffa8ef02f3887c378f
SHA512 524c33a6259277a6ff406e24dc889d1e3360d144c0cae20ee833b092661f341f83f44d13b5b8e866dbd3798aa86949f155fcb64333c37d0db7c709a971384ae2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab96e72019dd388e76b3c87a57c395a2
SHA1 59dd12b4f9821090f581f01ea5794e65b8d5083f
SHA256 6c4b54b64e2025e22ffef17f94ae816cbe2fd3f690d58477d7f092913b2408f1
SHA512 3c3f55bff0874b7c5aa578ee4d92220580eecdd5ad9d63a34d1db525066cac533841c0219224382bde9274f2dfeca771b4fe78dc983f11368b6104648b9adb55

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9615ebf695f8b707423c5bb2aec4faf9
SHA1 435fb8088fae10037edde6b1a061866cacf3afe2
SHA256 8a3179b1dd8b3f03b820fd8e82866918b0b8d52adcde7977c26a9f299ef5be78
SHA512 b9733ec1e01618ab339ed7091afab358e08d40ba4ac87928bf10375ad7b78f5c9ba224274fcc78c6adf26f3090eb9c62a3921987f6505105b1261947a9efedad

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 23:56

Reported

2024-02-09 00:02

Platform

win10-20231215-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519104300094946" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414231107" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e444e78fea5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2668 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 800 wrote to memory of 5464 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5464 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5560 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5560 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5464 wrote to memory of 5612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5464 wrote to memory of 5612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5592 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5592 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5560 wrote to memory of 5576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5560 wrote to memory of 5576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5592 wrote to memory of 5636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5592 wrote to memory of 5636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 800 wrote to memory of 5664 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 800 wrote to memory of 5664 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5664 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 800 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 800 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 800 wrote to memory of 5804 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 800 wrote to memory of 5804 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5804 wrote to memory of 2180 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5804 wrote to memory of 2180 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5804 wrote to memory of 2180 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5804 wrote to memory of 2180 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5804 wrote to memory of 2180 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffe49319758,0x7ffe49319768,0x7ffe49319778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffe49319758,0x7ffe49319768,0x7ffe49319778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe49319758,0x7ffe49319768,0x7ffe49319778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.0.1057906173\15015881" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f87db2d5-48dc-41b9-a87e-309f18d8c9c1} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 1796 1b2d6cd8658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.1.2082264259\1820657320" -parentBuildID 20221007134813 -prefsHandle 2204 -prefMapHandle 2200 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452e5ff3-0213-49e9-b63f-2487589a9f42} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 2216 1b2d643a458 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.2.1343355854\2008597708" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2884 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b86d780b-7539-4897-8f9c-e8797eb1e290} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 2912 1b2da6ec758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,5527801031898991239,9445112476822630657,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,5527801031898991239,9445112476822630657,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2448 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1844,i,12440847251658377687,1751267255947017992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1844,i,12440847251658377687,1751267255947017992,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3588 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3560 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.3.1263237624\712673531" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc8f6d91-d002-4446-be84-e071f62c3524} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 3572 1b2dbbf7d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4592 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4764 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.4.1615643537\2002530230" -childID 3 -isForBrowser -prefsHandle 4652 -prefMapHandle 4660 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {185b8011-9669-4dea-9c74-b0fd7e1027b3} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 4552 1b2cb96b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.5.306096399\668952850" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01fd1e10-dc42-4679-91d7-cd5fb1d12370} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 4796 1b2dd339558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.6.1203028156\1464402299" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 4056 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae348e00-ac7f-4608-8ff6-303c7758df99} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 3512 1b2de185258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.8.1835890558\851135035" -childID 7 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e15b924-9af7-4449-86b9-e16844318470} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 5460 1b2de187658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.7.1334611527\295992828" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5276 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe194425-93a7-421b-a14d-fc8a3ba98170} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 4380 1b2de185558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.9.1232428703\1922029954" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 5760 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1dd41ed-af1c-40c5-bc27-a68f90cb1ce7} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 1476 1b2dce40858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.10.1244454354\1624229415" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5912 -prefMapHandle 5756 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e2976e-6fc8-4877-9101-b310ddaa8e07} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 5900 1b2dce41a58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5736.11.1968378434\1720286793" -childID 8 -isForBrowser -prefsHandle 6160 -prefMapHandle 6168 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f2fd1a-c120-48b5-8184-db406c92dece} 5736 "\\.\pipe\gecko-crash-server-pipe.5736" 6152 1b2dd04a858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5768 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1868,i,10244278060553828479,6767652926025965387,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.21:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 rr2---sn-q4flrney.googlevideo.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
US 8.8.8.8:53 39.131.217.172.in-addr.arpa udp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
US 172.217.131.39:443 rr2---sn-q4flrney.googlevideo.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
N/A 127.0.0.1:50959 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
N/A 127.0.0.1:50971 tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
N/A 224.0.0.251:5353 udp

Files

memory/4804-0-0x0000027FF3B20000-0x0000027FF3B30000-memory.dmp

memory/4804-16-0x0000027FF4000000-0x0000027FF4010000-memory.dmp

memory/4804-35-0x0000027FF4400000-0x0000027FF4402000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0614DEWM.cookie

MD5 ddaeceb74921e076a7b77efc7ec06a81
SHA1 1d7f6aa66d50b33134660450fc4c11b4b278e455
SHA256 3424e79620ba100382b2293c3f59cbb14359967d34ccb94baf041978fb8164f1
SHA512 19034cea0f39d5ff30b74b6e81582cd338097af60e9167a47419a0eb0f19c41aa500dd1c35b0258f1fb76a7a7582b1026e76b17959d986ae36ac52a6d12c51b2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d539f0c624c6dec1fc6097a0fbdeb3fb
SHA1 baa9e0219f5bfd50e052a04fcc89791a2bbce080
SHA256 89482c0f42bd3bae9b5ecae7635f35e416a81403cad31663a5f0cd8167e5cca0
SHA512 7b7ddc7cc30ae5a82aab227df46c3026490417a4869d0f25609dc827370822b05d6c9e17ee2dc48486a4a27b9f2ca6033b83ea1a3aed15b4ce4002da5efa0abe

memory/1428-96-0x000001E9C8DA0000-0x000001E9C8DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 007094d3eebbe532465097234ee83e9a
SHA1 116c0b64f24629b6fa0da06795211bc23408f6d3
SHA256 ecc71b3a5fd2e14b38eb2a503e73a09ddfea0955bb4f23d37b14aaeebe810a8d
SHA512 39dc9c1d540e602414833c57cfaadfd0c62c50462a89b326a1f206f73131405df42d54f9e0697cf00088afe634872de2c041f4b409fe2fae2ba8a8ca86278133

memory/1428-121-0x000001E9C8900000-0x000001E9C8920000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NB2FSPWL.cookie

MD5 cd7cb063e8019e77b6beaf26618e473a
SHA1 6595ce6505a9889b9b8950830e7fe7f9dfcddf56
SHA256 5340b9aaa76b72df9550ebfe05d9b22b28cc996f26ca332cd7d75081857e4e82
SHA512 742a5069d66bab6b0a32e1090e59f620df781d2de98d6462c9690f25ee7f9819012533164d2ef34743af8e34d87054f42328aefcaa50db761d26fe34a8e71f13

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VMXNZSPI.cookie

MD5 06c46357ad191297d4dcfcecf06e7af8
SHA1 615f76c60ed6b08e80a918d57bc9857d6f9bb109
SHA256 915085555dfcc2e26ffa87aae62a1d0669682039bacc51a938ddc49b811f62f2
SHA512 4c2647c0399f82818e40dfaa54397a45920834518576d86b986275057c817b15dbc72cd6aedd98d521cdddb0eb7222c891ca57f537fc25ff450ee0e5c6e58355

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

memory/1428-87-0x000001E1B63E0000-0x000001E1B64E0000-memory.dmp

memory/4040-222-0x00000237A47B0000-0x00000237A47B2000-memory.dmp

memory/4040-227-0x00000237A47D0000-0x00000237A47D2000-memory.dmp

memory/4040-234-0x00000237A4890000-0x00000237A4892000-memory.dmp

memory/4436-249-0x0000015C72040000-0x0000015C72060000-memory.dmp

memory/4436-255-0x0000015C71E80000-0x0000015C71F80000-memory.dmp

memory/4040-254-0x00000237A48F0000-0x00000237A4910000-memory.dmp

memory/2668-295-0x000002C0FC800000-0x000002C0FC820000-memory.dmp

memory/2668-306-0x000002C0FCDE0000-0x000002C0FCEE0000-memory.dmp

memory/4040-313-0x00000237A4AF0000-0x00000237A4AF2000-memory.dmp

memory/4040-326-0x00000237A64C0000-0x00000237A65C0000-memory.dmp

memory/2668-337-0x000002C0FBF20000-0x000002C0FBF40000-memory.dmp

memory/4040-339-0x00000237A4910000-0x00000237A4912000-memory.dmp

memory/4436-345-0x0000015D72DD0000-0x0000015D72DF0000-memory.dmp

memory/4040-350-0x00000237A5410000-0x00000237A5412000-memory.dmp

memory/4040-344-0x00000237A5310000-0x00000237A5410000-memory.dmp

memory/4040-373-0x00000237A5570000-0x00000237A5572000-memory.dmp

memory/4040-381-0x00000237A8B00000-0x00000237A8B20000-memory.dmp

memory/4436-386-0x0000015D72FA0000-0x0000015D72FA2000-memory.dmp

memory/4040-396-0x00000237A8FE0000-0x00000237A8FE2000-memory.dmp

memory/4040-385-0x00000237A8FA0000-0x00000237A8FC0000-memory.dmp

memory/4436-430-0x0000015D73590000-0x0000015D73592000-memory.dmp

memory/4040-428-0x00000237A4190000-0x00000237A4192000-memory.dmp

memory/4436-436-0x0000015D735B0000-0x0000015D735B2000-memory.dmp

memory/4436-443-0x0000015D735C0000-0x0000015D735C2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SUT9P25Y\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/4040-463-0x00000237A98A0000-0x00000237A99A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HMVHFN5V\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UO2BTENZ\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\e8r7asz\imagestore.dat

MD5 814d3a6b651d9706659dd121f8f959da
SHA1 6659ce601f5695e30baf2d001a4b2c0bf780ba17
SHA256 d7709d0aea12c08cbaa69ee76a05c438a0e79dd65c37693d8159f8ba104c9454
SHA512 4b87449a187108aad5b57d6b774d75be0f93b9d031e21893b7b1223b4203ec791f307e9dcae87edece9b2e5c30ea0e985c4b8a5fdc2f65e1ad5f67410db3d7d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 50583454ef2c2dbd21364b72f06574c3
SHA1 5746737cfa4e116888003c8480e9e3d494e6c011
SHA256 d1dd0985974ee3ea2cd1739b6902a1624e56fc04e133c06153b21e6dafa4f9d2
SHA512 10ae3b0cc914cd06d49ebdc91ffd5baeafcd2ced33c2a8e6602c76aedae03a9656912c9898b80afab57a2792e2d1d4f8552e35d52fa422386d85b2bc3291bb6b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D10DJTLT.cookie

MD5 0737d5658bcbdb15bccfe079a8c95041
SHA1 4bea809f723a4d033e85eac6f1fc57787d7f21a2
SHA256 18cfc29a2404a535ef685e8a6902ec9c5937ce9b144b32dcf25de0d03131459a
SHA512 1535c536225a99d940f6b9eb17f8d44afa444282cfdcdd02fe8c8e1d42b0da9f5c87e52da932ba4121d66f984475f26ebaa7decb0b9acefb5f80b432b08d1656

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 f148047bcad9f680c625b01407478f85
SHA1 5e2062eede73a1fe70e61760e1ce113c395105f1
SHA256 979d3671d115d29bc56d053f12f962c30e359999dcb9301ce15c021b8598b492
SHA512 64be13a565d9771244030689b04268a4a05fc408d99d6e8f26871df84eec7e301a4a30c28eba728af46c38a7b568d86fa4088facd741b2a2a2a188070d33d483

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NFTKJD0C\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WKFCSMZ9.cookie

MD5 205fe0de7c08c3283cce8e3370597a17
SHA1 c522eb89c5a0ac46305ac1e20abf5c59298ac748
SHA256 6af4816e014c9677ff2561644c7a6155d992c36e83e2a1d5d8727c412f5038ca
SHA512 ccc4c8a846b3bbd34a612a96ca3a7184a06e6ffcc9b3e4e40196d89eb471d8e4cd290b69fca221de8238b25b8834d697d3eb86cdc560817f274ad6e19036e85b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB6CWN6\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BTZ5GHRS\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DPIHOUIY\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NPGT7UZL\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BTZ5GHRS\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BTZ5GHRS\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB6CWN6\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DPIHOUIY\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DPIHOUIY\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NPGT7UZL\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB6CWN6\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BTZ5GHRS\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 4c3708c943cee705064dd7ebe0e61c57
SHA1 9488cf0c55d45dfd4e65b752cb13d848817bd09b
SHA256 67dc43b3993c03d29803b3250b1f9a0d576c22a39ae85cb7ce05fdda8d263838
SHA512 76bba0f6e135e069e4cc92800c8a4f8ed787a43f22b36a80b855c80035f06e18ae9dd5b1b4aaa6ddc11995e260196a9474c15765981b62f281945a3585697cb8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BTZ5GHRS\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 7a727b94792bbbdf81ca43aa012ce4f2
SHA1 72949b2069b998f48a9fc0b67bdad76976da69ac
SHA256 628a7ae94d17fa7b68cfecac63f9a3520cbd01ac68f50085a1c8254838343d32
SHA512 97cde7d312a4ffa7679f7361004db786e1c97ec43b04657844db5ddb4328c4ab417e70bf4cad120e7c6a731acb591075c4956e02eba429018de10cdc06189eb3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB6CWN6\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bdcee9e93d2bf010f78325957317455f
SHA1 1075d79d0d7aedc8419abafc7f0a374dee639788
SHA256 b73cdbbd8ec9fb2cbca03301af585e78e3a53ab5ef3f2ece8934d01b70d5749c
SHA512 86e1211141b5ea675d298791b8fa0e0420c53f7b74b287463156d0271d00ce657e028b9556aafbe345dcf4acafad3e6b518a776501ec75c3e337a4272b735c01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_5464_EZFCSNWWBZOYQKUT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78ca1cb81f0ab9b4d0f0a4c2ffce102f
SHA1 40f7e35117fd576da2f99fd47bbfaa365f774de5
SHA256 0ad791b5d70108fd4c8a2282272e57f7e869198b36f08b64445afd2a2bc86a05
SHA512 b5b10b08ad5a2026e0112f33024324bc769bdfbc0862d53d73638f1ea1d8ab88de499691a5aa229c06d19b52cc0fe1c2eb7e6c11cc0b80cdafde383588e49061

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a3c5a9bef0eeebf7b8ccef261a14d20
SHA1 109f0c7945f6767c22d8139727bbe9351991d3d7
SHA256 5ef27fed57283cd69a2380acbe1492f3a4de8335cd7eeb94c1c293bb91a472f1
SHA512 045982c607dfcebc927a39bec8acd5120b2d6636d99a552e1f3ea3862f8cdfe82e7c19cf90a57af718d21586443ddc4883ed13c88f4d53006fad7f38c47ff4b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\pending_pings\b597ffd1-341f-4c25-b846-64555a1e43ec

MD5 e3736c5fa2f93930797460cb9af9f265
SHA1 14baa1ba92e56cfd5ae943053809a95aa08cd15d
SHA256 b593851dc4c1326c07cdc6b0c001074ade79a93c6e2ba413c9598e018d15e596
SHA512 4b72afe9b491bf222fcc133fa44a8fe9793cf32d872a84020731162df0cd715b0fa1a60052c3601c8ac6f2426cbd3e12a7a09bf321ab129ce911f13a69f2fd76

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\pending_pings\2c881204-1767-4efb-86ba-3eea0b806101

MD5 b43c37cb44b22efddfc76868b32648f4
SHA1 27cd4bd78d1c60c7da2c05b018c6edec586bdafb
SHA256 859660f3613d2476a832dbb6da3991d58940a54524d2fc28f8630c49758be925
SHA512 c4f3352c79ab66be8729857f60923d14b7359ff65a4d0c5f854eb0be8da860faa77791238f74b044256927431f31f8b3fd931e90f12fe1bee5c3e55cdca55c4b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\db\data.safe.bin

MD5 26e5d7263baf0485530daf0683638f41
SHA1 a493dbdb28f6759a9fc38d5a692de1ca8f18d2e5
SHA256 694514ad574093faf53526fa6a295c3e1177ed4eecb1b31d7d3bdfb150f1185b
SHA512 664e26789104e13114c30b3bd0a6188eb866cb9e8c8cfb08fb79c8b6981d728e01dfb777cd2389ca9ee7da73fd6239f0fc8f92d28ca4f9c737db4b00ef8fe443

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3aace563f6131c6dd8ee9d48bb4b6940
SHA1 e453e303dba0325c505258be89c8e5bf3df457dc
SHA256 18942e4c00a65303bd927fe380b8597c4abf8b1562527a1d8ebfb19240524483
SHA512 9736fb44958402bafe609d1615a656ce13d82469238eb713937b6a7f0dfdb1ba85c881dc102bc5cc714c1b0d3bb0eed23c4058f0b7e5027a62a79ae15f8c4774

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WONREN0V.cookie

MD5 1fcd16517db940b716630a63eca5127b
SHA1 a93e6509edde2ef53b75064fad05d75b3737b1b2
SHA256 537330b702951ebd0d5bfd20ba900fbd50f8ad648fe71b09ed02bd82a0e6c825
SHA512 6e75df8c41e68b1b1e6fb3587794e8c3e2ba8855db38bda1f12f094c52a507c933bb423a2e9a0d32a7870dd9b0a3744d0d3200c794e4cf8f016678a03f9cceda

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7087b2abfb88fe4d4ee6bb893f16ba54
SHA1 66ce550be4d62666f2bbc44ba7a917cdefc66513
SHA256 a82b20d782d58f831f1a676e0a6db93ea1f9a75a2167da91a2af98b8d1cd90cc
SHA512 93a9d0bac4efede5126c768f348290ed4a01f41c3d4b62ff4a5e1ba6457105db73be6209484b60a3c87945d3f595fb3f4df550367e6ed3f193e9ce306208f0a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 4268f9594fce941493d7033888d7877f
SHA1 92684bf921080d0ae1449f2e2f181b94b7ec67d7
SHA256 edee34d318f8809ae4ee20a14c9008a6fb2d6fdb8955bd461c660d32edb600bd
SHA512 a531ed95f75f1e5278387ec72ede890ad2213e4eafc9c2477961d56bdc5f467dcdaedc747b58e7e148240e4f39d929ff8e8d9d0bd12c2335d98ea2c4ff79e486

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b88984fdc8202cddb1986857448de9a1
SHA1 0c12bf476656bcdf6243d9ba9dcbccc4353b94ee
SHA256 8081ac37512a7efb53a6732e4e1f564fb6d7b269ce6da2c52462b40ab2292c5d
SHA512 586b655f3ecf3e112401a07a14c6a1f56192096b168fc325845b829924487754182f5d0a27425c6b064f1ffd6e4cf8429704356cebc01557674cc442b02574c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e95cb30e50c18cc083ef2763dbfa2870
SHA1 781606e777b73baa41beeaa936aa4d332e0143ca
SHA256 2299c516a21ad73b56c1cb817c98c4536a141f6c240b2627cf52444a93d5a41f
SHA512 31c075712a6ae27ae8af2b6876f51a59f32f375800e850d8556639ba79957f5ae99cbdca99be8fb3e8d7629f6953c468624d9fabe7fa8aa9e6d7303ca138f274

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 d56d017047325eab25943c2ad369aba1
SHA1 cf2df821063657a2f49af238c4f05b500ca2f9a1
SHA256 4888701a9f830ebdf27ac0f21efe11fc16374dc0657098f2f2db71054c0f1d86
SHA512 27d0e2096ffe66acb972ef6241b58bcc06b2c5c6f613c0eada8c68b58e68201a0728fcd9a9f5d3cc7903eca4ed45dbcc7bb33b53f8388fd6ca4c5e73d0a8ea78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 5f4ae4e80a22c9afe84553cca8d223f5
SHA1 4b1809b9542a03225dce97234c88619c59901071
SHA256 060627ac03b82ebd980596fce687b53b74b9133c8082ff3938b3f8cf69208e22
SHA512 cf1745e49021670445c8c145265aef7b3d4f3c5cfa0031d1f104fa9c4766b1e1b8acf5dab25566a901b5115a63366174507ddeaf73f405f97364b02c6b1f1287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4391da48f5b275053f1857b1818293e7
SHA1 16e85b5e4ddbc06b3d071bf812d280c681022f06
SHA256 f88099865d317c4ebe55c532539aecbebf41f628f886f7d192adbbe800606ee3
SHA512 6abb46a1dc2d95c544eadc2fdbb881b9868140ab2221379b4a95abe43dad7ea7e643b672be3665cc5cbbec5785280de56e3a3401f20f1ce66e995a5b74baf71e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d253cbca5ac52a51ddda149578e11c7f
SHA1 26260d2fa4df4705f73b0b8eac381d8e4c8e9a5d
SHA256 918e1f7b67cf3bb75075e2349a68189a3cc7d836e006e40f6f9b16570bbd4928
SHA512 13f8c541cff82ee25465e8edd27732f20debe53ce2df3602e1ee49a7ff3ee0837a6bc7ec9e780b4d7657e6f0355bab819df0f92519ff1afb79e51270c8f8a489

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5832b3.TMP

MD5 a338e7672d9a0e61e60dbfe2ba7bb456
SHA1 2cc51aacdc937eeaeb330a00cd19dd81d6a6390b
SHA256 aa4feecbbd72551433334acefd8cb03da6c75f587106fc36e82cf23e627a3fe9
SHA512 321b1137df59a75d9e9f0b454291b758ebd31972f222b371588a27b2df3206a3ddbaf16c86967edfa3baa89223088d1ce3814292eb799537e201395d07991c69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a71afd13e39f21a75d012e68fa664eae
SHA1 9dc55f0a0f861137b0a676554a740b470b5b8062
SHA256 75559a5f8cab90b8866dfa25362b1389a62f9997d17c0a97b12a2386c8495204
SHA512 5132a8a9cdb350c94d3d569e17e9769f27e15a003a0a00c7f314257bac728ae9458d5f918aec24cfc8112c84534ab637e86398f169bf23a5e3b4af03d0d62a3d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W91E2TXQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 91245495ed40b8df48070aee4836cdd3
SHA1 7b40f44964ed975c14258a9bc37a8af04059fdc1
SHA256 a429d91daed253463f17e0e5fd9de0b818fce2399d4a43a94c4338846815b170
SHA512 b4b2cdcf32673cf6212487aad6040f86aa8da995e556bef9b760573c7f60242c8063d03d920eb9258fefaa2312287dc927cd3d178e4f89c4294df97d8880f54b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 598d018d64b523a183266ec0bfe899be
SHA1 79313e98fe09ffa9f52ba5f46825d964ccd5a5d7
SHA256 1bc96707d2e7c7c72ed3be7af85103060a989f7bb1de4108acc8a8e5b356bcc4
SHA512 64386974d25267cd74cd35162e331e8de3790ccfc7e14866e027203cf85ca7c000d322135b00cb5c1a0b83bdffb7712cbf1842bec1a87395c52fb37865be2a7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 e2ab3f8018d2f3b978d6ccc51df91584
SHA1 cdd55ff57b5b576bc6bbd455b0f426d2b463c11c
SHA256 bb6252e2c77868da79bb9bec452f5ef38705d4557b237d0a0a7f94f10d095e25
SHA512 f01822936e1b38e45f4b0c165f71d8279945dc237cfe756d90a321c4f88a87e3a01028a0523f3245cde0800a7fa02691eb673ea7d6b5467aa29918b351292c7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 88520100dc67b9037f6f0c9e3252a027
SHA1 f8acaa98437d2dcea60ad910d88ecebddb1499cc
SHA256 99b0aae667c040a320046104c1b6260c724446c661569f56804cf030312640b7
SHA512 fe7ec65a2a1d9595433b9a25b53fe4dfa5c620e315c4f48af4e7fd014df730ddd51891a25cee40aa530a270c44285b91fd10c3cf713885220740725c52d49701

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 0bd9c95cb4cc68347348be40a3894b95
SHA1 b2e76ae9211d4336e12dc5e1c18a93d9f15a2c54
SHA256 b787326d199bbb8413d40d4ce4ecfd8711430a8ed37a74d460418925c9b89008
SHA512 b3a4148fd817d38e335db55d3d4c6364f57fbd9fc409991d7df8dbfef0962bc60d852fa925022058d0bfd2d8ea994f99b2a1d96c0ec13c941749a2a889b8e98d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 93db61fcef0c2bf6ebf5e53a6b2b6b30
SHA1 bd3afc8906b324f9d8f7baa6468cf0c1bfda099d
SHA256 578280cf1bee403eef7f954b32f541336db94042dbc31de11307107bb6901fa6
SHA512 1f265e9bb6d0a121f7a7611970d367e70ca7d7bd9c675ad0d01ba878505254627dccc5187ab18d36d99ddac2772f0af7fa7d1eb52670247f9cc4c6bffe5650d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 10e79a02ab96e8a23478f804a8a22947
SHA1 9a25157a8759f73d3068f0c52f87982fe38c1fc7
SHA256 4ba142a968e18d43287189b813b059f42c82840be490f962cbf5bfefe10539ee
SHA512 fc5daa49f2602d3cc543fcbb6963531220d6d24e87f3aa963a0249378f367104d32fa8493c20ab7cef4d3659e65c193f053128e2be77299c9b3c69053bf77a20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\cache\morgue\178\{2a92e21c-29db-4e28-bc4e-d751afe906b2}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 29d8e1f944f2e0ea68a7416b7c9508fe
SHA1 cd2f4dd9380c76e3b8be13523dfdd1d53b6b2b25
SHA256 41780c014a1d851ccbee9cd6037c20b1496001376b4d0ebb69183bb2d7f01179
SHA512 67648b22f2ba8583e59a0ee97c4187039bbd3922473f9829940b029ccee364fc75931cf22e74ad2f960262e0975c9009aeccb7791c3f6e6e42304184314d3b21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\idb\4064618660yCt7-%iCt7-%r5e4s5p7o.sqlite

MD5 3174dd51257be1fc363376190f4c5ec2
SHA1 d11aff2bc73acd266f4ae89083cad7c227e01690
SHA256 75adf5cc9c5f0af876eee0e7a68de3f7f5dc75d47a3ab979c75d46e7c634eef8
SHA512 e8e13d24cb9dee0af65f84109ae02bb403c935e8ca5b22d5571b02df6d220e1f3a9f64b056ae9418d9d518e237580a75f309d8980ebe0dff20cc9b9c2a0c3a53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d8881abb59470debd5040146ce249715
SHA1 226d55430dd6798b62ba14b7ac293427d460a0b4
SHA256 3ce7d3009b13f046c9492783a73f29c267aed153ed24ae642d3bb124aa8c1bcd
SHA512 3245bdad1364031a3621cd2f7b779eeee9416c83a0662b6d38047d02a914bf4a04b7b5034ce2ca48004dbaf2dffaa9129a7566ab47d3fe65a142f4f253d2dd6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588940.TMP

MD5 c8f937cf0456dbef4637df1704f0f290
SHA1 3a9ab0e1287896930c7d3f3c7a5cb04a2de5dfd0
SHA256 4c152fdc786bb1d21e15c1a4eabb8cbefb7dc934fb4e7232f3a47bc05921e847
SHA512 aa68bf5cd7a1e7c35ab103d879917279a44b992271bbead4c4c31cc7241bd9b41c53fa376ee5d331e00f5b868c6f1d56449219378fb183c7d479c0b07ecaee42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d67264bf3c22d1f58f773691c9389c85
SHA1 9b4e0b7083759ba4f921623e51bd7698e4a27a71
SHA256 f28e3e46b1cd4be0ace8a6319d62dbeec471fe970c8ef7b43cc46f2b671a811a
SHA512 4cd06470a3572c28089c54dff11db7c7b51ba5aeea6da689ae0c054eaa355eb0d6ce6260bfd4851457ed7e6f74a6827710eca94009acbd1f83443c9c812e1116

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d2557c0e781955738387dc5d44da9536
SHA1 1de5bf0c684d6dcbbd14e2509a8172524a5604dd
SHA256 2c087f9733e73928a6a839a959ea7c9c5cb7b261413469ce48db31c707007e23
SHA512 e91a086104245b25e55aeaf74aa523effae5d44f0d6a49a89f7307b3bc0baa90cdae16372bf44c7c20d61b00a5d34b64ee51d32122a713cf83f941020d137e5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7784be2c-58e0-4c3f-854a-61e9235d0648\index-dir\the-real-index

MD5 49ec7688a0ed7eba0b35274ff19e71db
SHA1 9b7c712bca98fad6ad33c17fe299c9eb67f8325d
SHA256 d50eefe27c0587c0301e304e433c9b7bd410ab7406476f05d2e7a946587d2a28
SHA512 3143d6235412bd9b8435ce63e14ea901af4df4b46b8842923770ede500f9a2cd26d0e8b4546ea020bbff75f63e4e41dfa4823ff615f4ded139d10634e04ee82e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7784be2c-58e0-4c3f-854a-61e9235d0648\index-dir\the-real-index~RFe58a023.TMP

MD5 58133d93904fbc57e8a142b3380740a4
SHA1 800475314b280d796125bd9c9d4accc975f8a60e
SHA256 70b3e60af88ad686b0e6b9d8fc40ce67b7759fc6b20f3da434012ff96b0ab753
SHA512 76246c36a0f104e39ce256d3f3158d612a02eed96462aff9567825023a30cccac5ed8e63eefde5a08e4a88cdc16418315e7d73bc0edec7dc41ecb16d243fa121

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1083b898f1957bf7fa873c8605d5e8b2
SHA1 25fd140be48beeed4d5474bc660e800408b7a972
SHA256 9c1a1a45f35240bba03d2f1ceec41920c253a573cfb9659f38c3e25a29fb7475
SHA512 12c61ed0debc384e477a803231a0d81faff4296cd02e7e1a944c313505c8b561b274ee744b8425901238010e271ab4447cfa3988d203d2ec429c6a611de41ebc

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DDW3FITR\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a83493622bb72a1c14bfe093e2f8b83d
SHA1 5115921d62e9c021c4da6fc5e59d8f818c29d946
SHA256 3b5f261b2aa2cd0f1790e4d8cc969047a9b7b4598d3e1cc8a6bd598e90354cd5
SHA512 1ce24606ff91d4dec10391a1fc3fff94c6bbb5dfb33d386a53534d4c8c2cc96b5a44967510373bfcbcb79de2bb04ae2ba5001b6546b8277e9cd6b7a217802c94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 0544eecd629dcc2358306e90db3e461a
SHA1 fdb331d381b1bbfb0706c8e8f255b183bf926cc5
SHA256 8f30a9caf349e5f40e21089bb21b795fcc86cde03a871073e9da2c6a38daee0a
SHA512 f5adea76b7a34e86a7e7539a63d438efe3c9ccfe2684be7529fdefb8d8bc2e1cdc1c21fde20eb2234222ca7930393b05398ae91f2123b954d3552d7600309425

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 bd09dc6f6321365f18293ae0aba85d50
SHA1 9dfe111af818548d522f53da70cee3e6b2ca73f3
SHA256 26cae4f37e7a12bbdfe173be7c95f5898d3b9ee51de325f1066fdf60af43bac7
SHA512 608a2c27334fad6c808e20674d014e55d4fff6dd0b1d2f5bc26a501b66fd50e4805e92a772f7b073bda9e8a43487afbbe40ff99d2ba62e42ff2c35895eba43de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 a84b33af5e6b0e81704b4a291a2de13c
SHA1 3f40b1797a62f840b226d49b81cb7030b87f1b32
SHA256 fb97ac5585f23e9cffb74e4695b143147217e29b3f100c877e4ac3f8b2c2d5ab
SHA512 cb28aab9e81549d5a20121acc9dac991df90ed9b83b7a3c1d5c2158191239049eff944e48885be7abd63256267ef90ae4af7348f162f216d2168abaa1fd73c47

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\cache\morgue\168\{9ae21ed3-ba07-4e06-8a80-97f3828ab6a8}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{cf19c9d7-8c06-48c5-9e3b-fbdc06f9d3ac}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\cache\morgue\153\{dcd9b5a0-1dff-42ce-b930-525f5bc68199}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\storage\default\https+++www.youtube.com\cache\morgue\31\{a90e7fe1-45cc-407a-8472-83ed3746f31f}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e0472d54da8caf7768f1913a13931223
SHA1 e0e3f573430c1bc51b9d584ffd74a604335c1bed
SHA256 8c9c57ef5e33742e5728f6dcb25e59f4cedbc61717a0285bf626700013acba86
SHA512 1d9e9fa8f88996d3b21a0da92e1d250d8265274ad8f1934bfcdc9697b13c7cf27b8b890255c00e15ce39c708fe00f2345c966fde1ec33703af071bbc8a87c47c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1be6620cdc332d3d5a1cee727d7f60ed
SHA1 f721a279b35e996267795b808d5b278d2ec6db18
SHA256 93dbdc14719035ef4053be1cdadf7b1d327f78c7931971740bc6385a88b1b45b
SHA512 fc938ad410f9d718d69227edcc1cc84514b9e408e641faf7f74b1784c1c372c230135d071a6939a70ff7b7a403073ca66e92991f6f9fd3f059cae8946a22a571

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 78e48c94ee9b21240e89c4c799ceb5d3
SHA1 c144953ec48f65aa89566237e66f250c9bc700fe
SHA256 f39f6c6c7f54dc1d85a6965ce561f8052bc7049e596195996cf5db205f73a2a8
SHA512 d27a1514bd00df71236c1058a298fb58ac389bbba451c2c4bca88515082a8bf8df72ac6c37aec544e20c2349edea4e003aac4a9878b3a8c877d01d713988408e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5b7ed19c6282e0146dd7b22d2245487
SHA1 df2e604402f85a03ac7e21c767280ffbc2332cf8
SHA256 bb7619e05ba7aba97f70e36d4ebdb115fc2d23fbf00239d878327fd9af1575f1
SHA512 ee96f039ceee29d83d2540e503c7197792567974a54132e5694d229b3972002eceac226b2fbfbf8c3efffd0774cd27d5388eb631c87a55626b03267906426d39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7bbc008f96a1e5768d7330835b1ea513
SHA1 4d07ae2e5d613f8176493fd1e404cbf94e257f22
SHA256 6d0e18062260c4a448f0bcd7cba79f044f4cfd66ef6f51311edcaf817d302bbb
SHA512 a361ee3c9565243120c44285051c508d88703db2509ab4ce520398b318db47e2953d479e179bbd0d95be9f4f362ba7bdf69939f6e4b2da5e2ba73a30bcfd1db4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4358bb3ba8e69e9cdb128193b92a4801
SHA1 0886571911188e5bc7f802d3d8e9a8f8832e481f
SHA256 62185a2f62a75fe401a3ef6c8a919055604acc297b84a209af6b1dae8c9e9950
SHA512 aec27e3a9a1cb3c7ba389aad3598a57b6d77f6f9a5de54e76fe1b47aeb22f2ddf8a6233820853b49f208843e7ce40413369165978800fa2e9c57c6eff7a821a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e3840e7d342d04148b6350d23cb2e512
SHA1 4698a80e8fe6d5acd6723b4be99da66632f7bd94
SHA256 3f0402dace7c4f053f7c6b16fcd4b32bbfd149e48136a5f41894ec7dbbd411e9
SHA512 4379288d99f233c60b54f462f5d84ab1695efa1feb395b6867db363e03a15ac868a6acbaae1810f1d2c47062c7abdf2ef49ec3aeb5e689233d24cea486e3261f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 494ac2ed5e99bdcd2bfb26f2078b69b8
SHA1 2ac6240303867ba93e43fc20df8306de5eacb1ea
SHA256 c7c00250260e79be8892bda4b6124254a4fc95a669a60b9f811e209664193264
SHA512 ed6182ddbc10b0ab041bacfd38c058628a400279b365076644aef21e6594af288c512203f1071ff5d5128e5f8ec50c31f3742b8ca747529d354580e861159d42