Malware Analysis Report

2024-11-16 15:53

Sample ID 240208-ferb9acg34
Target 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
SHA256 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
Tags google phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965

Threat Level: Known bad

The file 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 04:47

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 04:47

Reported

2024-02-08 04:52

Platform

win7-20231215-en

Max time kernel

68s

Max time network

283s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803011ff495ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{296195F1-C63D-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{295F5BA1-C63D-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000061e3bc48e6e08112c246266136ffa539b5ce7192887db720e82b1f9b218f16da000000000e8000000002000020000000ab035501462c2c418d6e9ee414ff8dd52d68f8521304ce595bcafcd14f72501820000000a6063f6fe8d49d8a357160276bf2326281dc93a6e0d0ef72d2460e53381abd77400000002b84491a12bdee9803e1346554ce1a9aea0ae6728c30fa5011e34c5ea2d226d71964a6efed29ccbd0a4b13e168d0ba44bc09783103d88462962e61ab42b3dd3c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{295CD331-C63D-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2496 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2496 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2496 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2496 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2976 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2024 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2408 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2700 wrote to memory of 2760 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2496 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2968 wrote to memory of 2980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2948 wrote to memory of 1800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2496 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.0.1033441971\685579505" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4365856-9819-4644-82bc-8f75c183b4c0} 384 "\\.\pipe\gecko-crash-server-pipe.384" 1308 fcd6e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.1.1677108549\259159314" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca3aebc-dea4-4788-998f-fd2653dc9a74} 384 "\\.\pipe\gecko-crash-server-pipe.384" 1540 3e3fe58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.2.1891625768\2039731623" -childID 1 -isForBrowser -prefsHandle 1884 -prefMapHandle 2040 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2fb8ae1-38a2-4d92-a612-12de0b849243} 384 "\\.\pipe\gecko-crash-server-pipe.384" 2016 fc58f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2128 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1292,i,14965828519204322233,1484905985745822892,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1292,i,14965828519204322233,1484905985745822892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2696 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1328,i,11128651287947895629,6057372373602095684,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1328,i,11128651287947895629,6057372373602095684,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2844 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.3.2108338139\439600545" -childID 2 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e4c3016-f80e-4ddd-9400-6ed77fde8dc0} 384 "\\.\pipe\gecko-crash-server-pipe.384" 2756 1bdb9e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3184 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.4.181958680\459387190" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3684 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6d255ff-399a-4cfb-ad32-c159d617caa1} 384 "\\.\pipe\gecko-crash-server-pipe.384" 3688 2026dd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.5.880161992\1570067326" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c42f74c-9eb2-4107-839b-ca1774e60165} 384 "\\.\pipe\gecko-crash-server-pipe.384" 3824 2026e358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.6.351483489\1519538014" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 4024 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34fe473-a102-471d-9b5c-852e0f58e21a} 384 "\\.\pipe\gecko-crash-server-pipe.384" 4016 207fb258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.7.780546606\1321296753" -childID 6 -isForBrowser -prefsHandle 4256 -prefMapHandle 3936 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6af4f534-bc9d-43cf-b77f-80ef50a8ea0c} 384 "\\.\pipe\gecko-crash-server-pipe.384" 4264 215b3d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.8.2022325131\730766340" -childID 7 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cfa0c9-16ee-4d23-993d-358bf867ba10} 384 "\\.\pipe\gecko-crash-server-pipe.384" 4300 208f0858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.9.1101772173\932386149" -parentBuildID 20221007134813 -prefsHandle 4624 -prefMapHandle 4620 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c58056-96be-4851-8be8-9b711bff22df} 384 "\\.\pipe\gecko-crash-server-pipe.384" 4636 1eb16a58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.10.164689880\1550191057" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbb38752-e24f-4302-affa-09f76be03623} 384 "\\.\pipe\gecko-crash-server-pipe.384" 4788 21d68358 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="384.11.1827219388\1816159444" -childID 8 -isForBrowser -prefsHandle 4980 -prefMapHandle 4988 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 616 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05268c68-be9d-47af-8435-741ecb5c3746} 384 "\\.\pipe\gecko-crash-server-pipe.384" 5052 1b4d7258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4296 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4316 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1372,i,7845563823729489983,17906490744758605271,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 6adc5f22436ac1e80482b8b3327d4099
SHA1 7978fcb52879ee3ffbd083c0b2668a3342118b5d
SHA256 43f6df58c1e97c5dd083d810972586dddc2b511b35818092fdd4a09d554424b3
SHA512 5063f398d0256dc55e88fda9ab5ee1c3c6bc1808d96506ca6b086120b48e598416565e2506c9558ccf6daff5e39d41aef9c50e30bc6e9723c011d3af1f0ff00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 3f6e97cf3879e1ae14e50641aebca96c
SHA1 61fe8dcc2ac42818f7ec93c107fe1d71517862f2
SHA256 32357ea532ed6d3fa16512d48eea55604ec3088db9918b67bd85ffa81ec4168b
SHA512 d25493bf91386232a9510bf79fe3b63242473786697f452e8347e44afae6132dcfa71a8058f37f75815a43ef114f070235369dc9714937dcbf7f827f95e87f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 8833ace222b15bd8ee8fa0d859c1c0b0
SHA1 94b53265a53df41029efb5d640f8c3bcd9468329
SHA256 f4af621f1529425ef7f196c3bd180b269b7884290d2c6501f9937890519f5fd6
SHA512 41494718f904b8d0f844d0f6a0b7ce190e3e5d2a9c26f2e4068b530401d996f8c9c30cc59fccc950eb2d8b222a889bbb36bab20583905d83b281aea6d8531c97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 b2d63f8a1e1935560c833ac63092b65b
SHA1 8a40998d940548dab8cc206be0449efb3d9f6136
SHA256 dba2a87dbddca7eeae6735b71bb4719d8b199d247dbe5d405858dfe180d308b5
SHA512 be0073b65c5977797f87eb1577285eac8b91882e6f88d371aade11b2680a087c05066e1c7bbf069a570c78984422023892f556479078bbc4ca7001814e77604b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 fb908a10ac0c109f344b7c11dedc2ffd
SHA1 8af77beee499f2b26dbcbaa5ccbe49b33fbe1adc
SHA256 e66c3986512a7e8988bda191e407e2fb395603bc88d64c626b34b0fdae398642
SHA512 dbba53551eb1d128f6e754481221cd6085885211f566a75d4081087864d5b6213bfa8b062f80b10f8f788e0e82d3553dbe1bea055ade03214851cf575dbb4b95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 d91d903167a856670537361539ac047d
SHA1 a71126d80e663238b4b4eb03d38b9273e529796e
SHA256 d7c9d8c7a8c7ab643bd394abad9559e2a86d95832d770388af927740d3e5a4bd
SHA512 7f77be3e47c6079f2264efaba70cced5b2075936752a4d074d67b4e56ed0450ff6f68ff7956a64df8c29984e1748c1ddd7d1ef7006a894fed762a651c180af4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 dce377664ef83d5d81247b5acdb3146d
SHA1 28ff9f75b59a3c8d47a3c9c6ef755215ff1ad82a
SHA256 797cf114f363f1269b2f6e81cbda9716da88c9c83b2d146e00faa910ed189796
SHA512 f820cf0d8f6292069a1c72bc4e46b2aa6bc34c40cb568ab3215f4183c91e7b11416f3032bf712c0071fd9a4899566d2ec179cef748c07bc2a8a9e82897e1d1be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 50a9ef75e91579ecf3ee79db9b989862
SHA1 cc34ea942d7ed19977e5e9b446fe5392c65d8fad
SHA256 38d36af39d17b117226c69af43890f9fcc97f01b38167c38fead164db75f27a6
SHA512 7730c542d2c8f2585621e8ffcc9fc227c47246855a2ac27151a3e413712c465b62d21f546fbc79efc3f937115c3522defa7345700952bb8580c6622240b70ab6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin

MD5 0ec666f98824b1803ece171db4bf2003
SHA1 612c3c6fb93c8e76ede3dcebd01b6bca643f6967
SHA256 aee2f1b7454b90fdaf189f119c21ceaa8c0daec537471d2af02525ddbe6cad2e
SHA512 ed0e76f2eadcf52611d20b54a6ffb5bec9216e162508daee919316833d081b010d16f9b6a7954196ee88053e1f2b00dc28766c9304222c33781470cfa6f4410f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\5c5beb18-be5a-4309-923b-d9ed09e55ba3

MD5 3edd36b4679d061333b7fe77ee631ec0
SHA1 bb0ef6291eb81f5f43acaa65ee3aba1369304911
SHA256 ff7273485a30740e965e201d20095f0b8572d49976b450ea92a9f381f47f901e
SHA512 fd62a7c2eaa442b0a2f5a52bd92b7229a56df7f518f302eb403dd77a7e2a6b1c517eb147b64662b2f62075511860c0180afec3b24459e59df6e149a51b8d151a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\ebe28fff-c8b2-4001-8363-727bcf549884

MD5 7a00094e07078f0f0aa4b0fd70073db1
SHA1 ce17f1ab558aa0a885b0dda06d247c924ef409f4
SHA256 8f38dc236b093075c9b9d5df4843096835508be879972061b08298a7122d5c4d
SHA512 3533f367811228dfc08eb80e5c745ade3976f0a797fb29967e1896403fadf09cd08806ed06f3a0e7fae6dad88e671801d33783444df769f872e82e3c42828571

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 adfa7fb8a948b304549c837a0fdc6a92
SHA1 2b5864a73fb1eef1312d6b78d711b59b7a0052bd
SHA256 db42c95e7542b99fac32cc2ceac96aab99e2dfc6d4aa2d696aab3d60e3c94dcd
SHA512 0dabd837dcfc0fa0b9b87fb5c2d3c8656701858dae28266830553561717835c36d35f0543b4c6086a1537e26b4ded60dedb52411c241e997e592e17e4823df1c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\169\{31602c26-94ef-4f84-bd9a-b896a0d2b6a9}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\idb\2561213064yCt7-%iCt7-%rbedsap4o.sqlite

MD5 a54cce0742ce8324826229756c5a8bb0
SHA1 fab7dcf91f3059b849c4e9b44151c1be979c3b15
SHA256 8dbf357f742d25bb6957ffd27261c881b58215be8085726b6386fe7aeb5dc7a5
SHA512 f2fd818bd58f938cd6677809408c9d2a75b8cc40ec733ee361ca87f99d8b1bb06a3a3d2f6b55a83369ab3905782d88c51f32d42a69dcca73f956489ec8b3a544

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 f5da2367d8c4630ddff386ccef37497b
SHA1 482573d81d48b56885c73ff3f7e00f5f3c08d8b3
SHA256 dbff099a7404f19ee4b5ed3d5a04f42156d8bd359e13963a89553526598d0021
SHA512 5f06ab994e687c75be113edf15393a99208ab4b1432abd1421bda268ea3424d8845e27faadbf07b98f848ecbfde2aa9a59ea0b23f6aa35561aa187252548ba9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76c0ef.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e4eba3b8acf71c785bf010b4b50c33a6
SHA1 6f9daf51d9803b0af67a0bef6cbc5c48e6217ec4
SHA256 1a04ae7d93e4a4704f246f855ae9153eb9f995c214d79d4b33c48d5bff167dbc
SHA512 3c85565dc07c0e8c269f0fc8642bbcac0b7f6c1d92085993ff9b2f5dd1d2f20e29cbc74e3f32784b1ccc1d02705a3f509889d2b504db57c8f2c20bdae3b50952

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2968_1692803956\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b0015dab84326e0fec477d766a389036
SHA1 1f1c494e4d32054cbc630a7c70d2ea11aa98b6b0
SHA256 55ad06a109e778ee1c71f89b4b55ce3da5ac537f6f92e077d171ce626b480188
SHA512 1d7f908b90addcdb5e2fea2bd04e5e16c52687da1f7fcd387d1812c266640d0b1f1f24174492a1440bcd7d4cd00d977c8cd8b54a4f6a525947049209c158df76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6a6ea5ee459a6d9e21ca83f7b8598aa0
SHA1 1a0c967637198cb966fee1fe868ed79ed05da158
SHA256 e0d55702f055131912a7edbdc869e470382fbb3d1324fd3ccdef0a2a4cfac51b
SHA512 0e98182d3aed3a9c450d8bb38a96da6d32689b1cda6896cffc9d0d3c8185ed813e7d7786512fb70de3aac188a2c3de0e81f142452c2934101374666ae437efe2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 a61241f9fac0513610ce8b842f48b254
SHA1 5b48e8e8d715fe241f9351b774119d59c19ffed1
SHA256 9cb381064d6dc2ce9cbf5a09bc48723acea1722f1a6e4809e645fe0b28e564e2
SHA512 6e1f8a97cf24faff8ccc9788c5e6e5b7ca5a709307efeaf7a9bcb3107c60b8a83b31eeb2e7ca1b21c970aec29e18e425cb4dd8d73183beaeea2a9f9fc7c345ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e2dc3f0949407e1429db5c7e091ac8f
SHA1 be55afb089a963d7a436c31c0b1033d5aded6ce3
SHA256 85b72c377f8328718da8cac4fa4007425a0f81072777f788d9e36e3f93528888
SHA512 13ad92452d89f362c950ec3beb160efabb02b9e8d2843739511688b3bac7ce2fcefba686ed2a020ffc4f3165ca8196376ee82c54c0958ff165adb8cc6a477a0f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e60bc758b8eaf5d6f7dca99c6727b74
SHA1 1cd9e5c33054ceca19ff873652b04eb6f99f798b
SHA256 8f4170003840f2952e9b3c748ea9241029cf60693f975b71533082399700c4e0
SHA512 133a27272f1f01bd37de6c6ec554cef0c1601974d2d3d83830b1f786dbc80e624186e0e81b6f2fe8b73b4c7bc60d28e786b32d7933f2ba14cd77af386c244a25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c31a6e783dbb381f7b820c868a7f84aa
SHA1 24185e332429afd094e0c96dcb7268df5b5b0235
SHA256 193bc8c041f06ecff0104533c686b9f6f4f5861d6e0fe2e02a6d316d50bd88cb
SHA512 501b8c1ceeabb53e9274ec46ed62cd9e4ee7dce8899fc45482f89bba7eee5c8ee9c9c83bac704840021632bb58845475eed4e6e4f2430a52872fb3464bb51e01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a03d515cc204dd7083e686a7c01dc06
SHA1 066df929bf995e9e53dd090aa90e20b5c9262faa
SHA256 44a561414e7ba4d3c01a00542575f27101035c8f5d303a5e302749d283a23594
SHA512 d3d3e0c962571806da741a852aa38de84cabb0001d822ff12b01f90abd75adfef574db6d279415fca5c1a3c1c7b60efb1b2aa07681db3bb0b8cbb035ed9bf2b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7abb4f2193c174436fa5ce725e62ae6
SHA1 0a8fc2250382aa6c7caaa4f9f3262c5427f5dee1
SHA256 ff0e8e889c8200c57733296aa4d25545db21b498ea5a405d28b009ede66cb9d1
SHA512 07a695f1a9d519e111585998fc69615dafcd92e638f07112dc5667b3becf00dc29ccf483d57cc983004c3e890628c92f6c3366c88b6e25ca7088f65d25e5a642

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b6a29d4ae8284cf3688ace9facf6cef
SHA1 065f85b3d704044f111c6379cf6f64aa383cff1a
SHA256 b4c538b9355b7949fa3cd7b02997a0e855e27bfeb666038dd118bcf00aeeef2d
SHA512 de1e0df12b2b8d50281f76c8f7986ba9ea7fe3d98072faddc01ec89824a7e85cdc1cf4a56ad1c2cf809210176d5ff04ec625c6a3ec8cb9589132a3aefc6f46cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 e076af610acfd866cffeffb15565d2ec
SHA1 78cdec4b07ffff27781aeaad01eb48c88062d89b
SHA256 bd2a58eb3380376dba0d614bbb6a1ece8be1c21cd15981d29df68b141d2b16ec
SHA512 359edfe846dc92833e40abf7f0017ff80b7d0eb6118a6fc6700e1943c81d10470592dfbff1601836e12d7aab6a818fe8a1a60219887e81e96da10fed16fee014

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7bee9597784aaa193652d8e9d1c1705
SHA1 65c62bf3283c8ceaf76d344d823a1f4123fe74e3
SHA256 9a64e0f5d68c9003d0edccb6fde4a972506f8eacd4bd7a0081b19acf70cf6bd3
SHA512 17563ba1dcb68b2713afbb08e8ae7c1f05363deed0ec594977c4fdd4ccd895c46730913cbf9040710012d34f332e2528c36d2cb8c72175010ed8f35062e86120

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9784f904-83da-4730-9d45-9d04c5d151e8.tmp

MD5 6fed2464f97812a88a3021b334edf2a6
SHA1 349d00777ff80330a2f0448059edd38c7665bef5
SHA256 dd90c46dc3817d61a7dc127d3bbad34d33d539a614c44f416800a497cbc5848c
SHA512 d2fd96835209f22dbd2f8297bc6993fa5b2262030c6c3e75c4967ed5fdc7d86666cd1438b8d1f56be751f83ce945a5dbf455b2d1d59a56806d4b9fee3ee76ece

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c724afafff87d58316c7801f37d2ed6
SHA1 e5e66b234d911e4d1f0ca95c5c5168bedb0a1e7e
SHA256 5be4852af15d4b4be7d4b84af8e806f4b0e891c13ea0449fb349fc42ac2133fe
SHA512 85c46a6a155945c35893b3e2bd1d98c0351c238f2d25ab00cf6075492d87c3d41fa2bf6b3732d7932d6fd1cf442f6596b8ee3f0586875b09c885a4f405609a1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e80c58187efd4a0bff1d12279b79d834
SHA1 15b03afa4aeeb9884c170887b7bb95adeed6bea5
SHA256 d334b22deeca28af2613cdf23b5543a8b080765544d318f15a9a6e7fc0a5e46a
SHA512 cad2d1ce02bbd698221cad5eb64826a9add47b069f9a298c6cf52dcc5d4b17d3c0424480b41de0b7c83684c216b256898f31946e08a25e087592c31363e091cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ec5f591b52306e00665655ae01fed9ef
SHA1 7718c4579b7931453c0f0ca35e4f479c4484dc88
SHA256 4a98615b7e322ff6474e97a654863c0711fb0cc79214b417966ed936f47e95f0
SHA512 83a1fe8512e885181aa5a2f7a929b11f11ca49f6747d029afa5050bb2f874578c24b204e53ef6fb515700fc5817741911a80c19a561334d5689533342e78052a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a427a99ec80dd237dde58a2ed59257e
SHA1 67b2009461c26e85979458511af098e25337b9b9
SHA256 3f2b8cbbe65ef1cb9a8d08480b48349f9555daece33cba8f4913eddb96f7c0d6
SHA512 210a37186ed55e88c26af51a3477abb6bbb5aca62e5b4acbcb8f94b39ab4ceec5b0cdd1bf21cec1b334d9b123c8f574acc3cee95bd93a938b53bbd6a6531bea9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cc85670bb775c42ca9e5c9ba849cd0c
SHA1 1ba94b3a309338e26a2edbee2c68230a28fe7afe
SHA256 09d0f2228c3374c49a7c57c5db3a0df11493594f55580ce62d50b97adc817fff
SHA512 58ce2e95fc5deb7ffe6f1f985b96a152277172f0d88b882a5cb5056e9947f8b2cc6a52a2e17e916885122aa17a2fb35c8558dd66d4701a9a702c2c30997d59f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30b95ea8253690e3e572b6c81a1cf032
SHA1 2925f82bd9dca66b6bb2b2fdf6017f4916f17a48
SHA256 0b7bbd4fb5538c3b3bcfdcca0dfe97b4933197a7ff2c52070a2b2c701d94ead9
SHA512 6e1322ad2dab9d30826ffa4e54775cee6a18fe752fbfbf091b9ff1269af1b8ea4e1f4ce96bf0b3f6991147eb69a687344c9644c19a6157fe43d44ceb3d8788a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0fceb280fcdc63a400b9581bf3fa0b11
SHA1 819b42688b3b94a695fda0febb086ef87a318745
SHA256 36cf3b0f70002a0777bebda8e9271d182dc758f4381bc3e68259a7b72e8805fc
SHA512 9581e29f695fcd351e4bd29fe7888f4176feea21e05f0b3a856073b5bc751b66ad183f88eeec9d453c79ff4d89b3843eaab9b3b36cc4281da86da526589bce4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 32fc652ce53f394410899a3e2df77a5c
SHA1 f2519f967279a7c5c06d742f5bebb987902d4aef
SHA256 10847401b7aeb3798a451d02d57abe645db51dbd6657f3d79f777b14a2a68570
SHA512 0f8b7ea3e33ece94361a9349f8d0c59d8c4a7bff9018e1430c531c34fe609d890fe1802f2e2df039d746699983fd3b881a98e40ea1195c25f7b34c4921caa370

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0855e9a29b40f4fb57da58c7f1280a4b
SHA1 c76ff51f051201e80b93c48363539042e099e229
SHA256 db4fe6aaf2a960ac0cf2b2c0bfb618013293be94299282963a4f267f7e390ade
SHA512 f54da630568ec9e6be38ef220247e1e7af704c4650564825403f12406d1fa77a8b9cd175352aab2177d1db533425926ed796f956eceafa1dd292680da891c3f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fb0ac365b3c85524cab3b4c728e50aef
SHA1 7018b8ac98bb86aeee07d1dde71d3db15fedeb3d
SHA256 32bb3d9c9358acdfc20d599565dabd35adf1b56d62357b16952d819b8d0d71e9
SHA512 478f80f9813e2c32f2c468ba1f7952ef727edaeef23fbadb42c944a886fd7b7549c18988c5ffd3fad73fb9716444070537a451993ce6f06d0cf6b0a0ce9c5e6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 31291b188e9662e1f2adabadab29c738
SHA1 cdd833c82a262aa3166168b6f51d6a42b3944639
SHA256 29a96a8a579a5bc1935f64c8f8d5bf83e956a261a00cde541a8ab7a1ecbe754c
SHA512 ae4a1afdafe1f192a3dd680f464f08b297a6078c321eddc8811bfaf923473e6c15ad6848607b7b93c53b2c78587a49e8e823f9d7ab1e10de57263318ca624657

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 98f0ae0a6f6a49c6af0b5888acc24354
SHA1 ef188480886d23002efc3b47501833b7494f2d4f
SHA256 1c2f2fecaddc1ab9665dbc6213064b596a5f49048011464dec09ff58f5cda082
SHA512 e0a3594f26a0bb1e2469df43cd1537a3b9d6fafa9562b1f8a727e7ccc4158bacbefa6d87a6edd73d9e76f51d330f47eca6593b1d167d16009d2d6e3a06bf0ffd

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 04:47

Reported

2024-02-08 04:52

Platform

win10-20231220-en

Max time kernel

299s

Max time network

292s

Command Line

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518414567476751" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "414194004" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "413529613" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{169751D7-5753-428B-BED5-F76425E75B4C} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b9c9ff3495ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a19173084a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 400 wrote to memory of 4276 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 400 wrote to memory of 5056 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 400 wrote to memory of 2440 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 400 wrote to memory of 5780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 96 wrote to memory of 6020 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 96 wrote to memory of 6080 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6020 wrote to memory of 6012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6080 wrote to memory of 6100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 96 wrote to memory of 6124 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 96 wrote to memory of 5180 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6124 wrote to memory of 5228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 96 wrote to memory of 5296 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5180 wrote to memory of 5348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 5312 N/A C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5300 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe

"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe648a9758,0x7ffe648a9768,0x7ffe648a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe648a9758,0x7ffe648a9768,0x7ffe648a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.0.1343141614\1978526893" -parentBuildID 20221007134813 -prefsHandle 1640 -prefMapHandle 1628 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {182774f6-a3cb-4fe2-9ee3-f4afedc67de1} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 1732 22c93fed158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.1.1363348394\883338381" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e2efd27-1b08-4701-a73e-db4f42cd912d} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 2152 22c93ef9258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.2.744467591\1241028760" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1921fc6-bccc-4e8a-a8b5-bdae4a8ed49f} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 2920 22c981de258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1728,i,3786061775035018364,6357427421644701085,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1848,i,1821288868154012468,17744623305132332991,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.3.1390615045\1501068672" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b09a37f0-e60a-4487-b254-59b7181ab31a} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 3520 22c99518258 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1848,i,1821288868154012468,17744623305132332991,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1728,i,3786061775035018364,6357427421644701085,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3816 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3676 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4764 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4732 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.5.1065435765\241448856" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4800 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b10ede0-7465-4c19-919f-7737a58e744f} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 4636 22c9a40e758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.4.1216734357\1216003246" -childID 3 -isForBrowser -prefsHandle 4684 -prefMapHandle 4680 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c1e427-9e24-4340-a9f1-cdbf4b3e86e7} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 4696 22c81c63b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.6.1436634819\457931622" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5380 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30849265-3806-437a-890c-7acd78fc7eda} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5344 22c96dbbd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.7.1829052485\957656645" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48de9595-1ed5-404c-8258-e9e895ad3462} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5436 22c981cd958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.8.1447511135\1939455280" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8e0751-0459-401d-8a91-bed858f47cce} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5632 22c9a0b6058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.9.1964176118\233401402" -parentBuildID 20221007134813 -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {392a63f3-ddbe-477f-871d-88d0c2d76eb5} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 3488 22c93fefb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.10.1160844676\875202426" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f97b336b-cf55-4ad0-a6e9-b69e65c4c8a0} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5928 22c94253c58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.11.1535612768\725604294" -childID 8 -isForBrowser -prefsHandle 6280 -prefMapHandle 6276 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffe2e797-1d20-43ca-b493-f6743fc2a731} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 6288 22c981cbe58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8

Network

Files

memory/3668-0-0x00000194F3220000-0x00000194F3230000-memory.dmp

memory/3668-16-0x00000194F3700000-0x00000194F3710000-memory.dmp

memory/3668-35-0x00000194F23B0000-0x00000194F23B2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c22db0f1f3e7c5556c647265f11755a0
SHA1 616b1eed99f1f1c851f44ca834d5d3ceb800d4fe
SHA256 84d6c995bc2e3bea2e6aa8f09dd2c240620e85dbec896ad435401548f7eac999
SHA512 ad118ee7d3ef23f8a1403d39be45eeae108d752d24266b407e31f4a3ad7323d6c35bc385bc34c3ea6ebb28c5a48be49d23206205b97fd76dfa186928280abd2b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 267f3fbb231876ea1b3de1b8aaea1917
SHA1 df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA256 5157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512 dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5b9f2ecb4d58798a54376c5409c32a09
SHA1 02dca1b82304de898a909b048eccc06defd7990a
SHA256 c32fbefecf1546569b5dae9b5c9aed73944cf4055c2a476241c0c098e36f47cc
SHA512 c03f0256717514ce2d65488ab23aa2ac943fcc89f1d9d5916111d79304759160bc62d4c2b340cb7de01a83da38b472d2ee5f48cb332740b31a52061fd0539c52

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YIIWY7B1.cookie

MD5 7d0a8df8db22e6e5fb53fbb52ad97eb5
SHA1 86d3b4112d6d86c479ac7036b5cfe6e81f0fb820
SHA256 036a28111a03291620ad4eedd3e5cbac8ff8e8f38f33d2df774ebc8e07372612
SHA512 46cdbb4947a96039f5e7dc5356d28dfd86d9041b26617ea0aec05f0fa4a3e71dad8ea4ea15d904443f76e735b288be7a674e68e3249528520baf26eb4f671b4a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NA1KX3PW.cookie

MD5 873b105a4852c830053ae8c97f6e99e8
SHA1 abec660376ff1f5a89fa81560081ba757eb8ae12
SHA256 6b6126e3c0d0773c59d9799c655f8328e4cbd906d74a3a961403a81d6d5efa61
SHA512 32bd7a82e8c9abda9eebe230928f89748e413323ceb15073dec7b3b2ea0becdc46ae16f7e9f57b2171f2b593657a0e381ed634f175313964c166f18c536244d0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CZE7PS9D.cookie

MD5 85486be0270ed74a468af22d9ac8f6c7
SHA1 707fe4e264a2683045a069b221719409502eeedd
SHA256 0a65dbf0c729f2f897a6804ee186419e034d96a4e024d61700bee7c3daf3c55e
SHA512 5787fbecdebc713510fbaeef07bc7a0074a43c303d43f1e5a94186ba5cb872b1dd3a6452a4b99767bbbef94fd9ae8af455d7d41716236de7283f45411e246741

memory/2900-127-0x000001C7BEAA0000-0x000001C7BEAC0000-memory.dmp

memory/2900-156-0x000001C7BE720000-0x000001C7BE740000-memory.dmp

memory/4276-168-0x0000026A6FDC0000-0x0000026A6FDE0000-memory.dmp

memory/4276-186-0x0000026A70690000-0x0000026A70692000-memory.dmp

memory/4276-201-0x0000026A706F0000-0x0000026A706F2000-memory.dmp

memory/4276-207-0x0000026A70B30000-0x0000026A70B32000-memory.dmp

memory/4276-205-0x0000026A70B10000-0x0000026A70B12000-memory.dmp

memory/4276-210-0x0000026A70B50000-0x0000026A70B52000-memory.dmp

memory/4276-216-0x0000026A70C70000-0x0000026A70C72000-memory.dmp

memory/4276-221-0x0000026A6FF10000-0x0000026A6FF12000-memory.dmp

memory/4276-231-0x0000026A70C20000-0x0000026A70C22000-memory.dmp

memory/4276-227-0x0000026A70C10000-0x0000026A70C12000-memory.dmp

memory/5056-242-0x000001C2F9910000-0x000001C2F9930000-memory.dmp

memory/5056-243-0x000001C2F97F0000-0x000001C2F98F0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f80a1fa2de1ad819d926ede1c83a1d50
SHA1 3615691d50bd175bdc6e6e8d50bd5ee4338f8b0d
SHA256 7423d830dc701431e4327e3b305d9f1df96c320fac0b281b98b87fb86bd46226
SHA512 67ef2ca5f933b3a96aff44e43b936bbf3e59a59962c2c54960af3a03d690f4de3f0bee5ac4afdd9ad15e797fd9e3aefd03bd6b0a0b339602940139b6e4a8984e

memory/4276-360-0x0000026A74A80000-0x0000026A74AA0000-memory.dmp

memory/4276-362-0x0000026A74E20000-0x0000026A74E40000-memory.dmp

memory/4276-363-0x0000026A74E20000-0x0000026A74E40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0SXCWG0I.cookie

MD5 09b2f258a52753ea147da4d0cd0e4858
SHA1 ca733b0d20467d455badc0c26b00ed62862a6286
SHA256 6c3f771d66f6092c81612e31ea4b09306511d96e7d96877c2676421448a386d2
SHA512 79dc1c6c26468ce53acaad679ea18446df97c0fb5aa9d9c5342c7b0457f610557a3b5bef6ed4fbf98c7fad016d85ce6fc2ae9e42d8b2a442a7be2175de3dcf55

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 97956eb1c814d593280bca87ab2cbd71
SHA1 7621747c7ed422c1212d460a745c48f95ec2a9ef
SHA256 5e6a5a0b40e1a846f29745f6d403015fee65d8f9965a4ee951dbb87644fd27b6
SHA512 fe3fb3eb12bd177d0ee34ae31bf782c0ca77b46a9deedba141d9f9830c7fba5a7d5f6091325f072cd1959f094af4988ac1f5c8bc9eb225da3f8e4d08cf9affc3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

memory/3668-496-0x00000194FA630000-0x00000194FA631000-memory.dmp

memory/3668-492-0x00000194FA620000-0x00000194FA621000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UM50CO7Y\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/2440-541-0x0000019075000000-0x0000019075100000-memory.dmp

memory/4276-575-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-576-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-580-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-583-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-585-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-586-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-589-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-591-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-593-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-594-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

memory/4276-595-0x0000026A5EC50000-0x0000026A5EC60000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SM5WF5P6\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 46a5c2fe6c07b0f5bc68b91d16005dff
SHA1 ba6b7a0866b44259dd08c26f24fd7cdb0dc30d24
SHA256 82249aabd3059034898d6f9a9f179b9eaeaf26e9cec40d79f2e10520fede1a8d
SHA512 c77b64254ef17e80725f9f28f295f67a192c74a95bc63e4be49850cedbb98a5dcfa7b73cbcca720aa706d3353a3b80f3ed18b084149a1efa702fc4015fd01ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wr34dpo\imagestore.dat

MD5 925013edf3d00dfd9ca0e9c437c20bdc
SHA1 37b104a9e019b66c0fd6caa3992f5a529193baf1
SHA256 8efd050cb962d2a5f37bf25e84dfd920de373240dabddbcb737a4e66af5fe794
SHA512 b9b18647a2a4fc5f71b1e1dc689a19edc9c8ac039902ff093f7174b1c2f0bfe0cf02ab89bcb405acb97217a5417f027e9a8951e02db3a667b15ff9d434728e0f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z4XNOTR7\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QHNQER8U\gB76kJXPYJV[1].png

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UPLJH2NV.cookie

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UMQIWV35\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\rs=AGKMywGeiBUuq5vqE4SKSRdxHIEuINw48A[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\KFOmCnqEu92Fr1Me4A[1].woff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\KFOlCnqEu92Fr1MmEU9vBg[1].woff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1JQ0KTTN.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_6020_GVTWDVIENCCUNUNJ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\586b7e07-7b4a-41ba-9b4b-95c43374cf2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\136edb35-b2f8-4a9f-beee-26bd2e37c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ff4f.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\238\{fe4185a2-2bb9-4f06-a585-d5a688d5eeee}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\3488426338yCt7-%iCt7-%rceesdp1o.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5851c5.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\208\{798e03ed-a234-4a92-b6e4-9bfec95eb3d0}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\239\{835dc27a-471d-40d8-b5fc-17fef82ee8ef}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\186\{e8df6cdd-1796-47f8-8245-fdb9049969ba}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I5VHUTG1\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
