Malware Analysis Report

2024-11-16 15:52

Sample ID 240208-fg5bwsbc3z
Target a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a
SHA256 a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a

Threat Level: Known bad

The file a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 04:51

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 04:51

Reported

2024-02-08 04:56

Platform

win7-20231129-en

Max time kernel

72s

Max time network

286s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFA62EE1-C63D-11EE-AC1E-72D103486AAB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d78000000000200000000001066000000010000200000000f471d83383b2d3302f991114266cd45fc4ae98f59b1e85b842f81b8bbd9d221000000000e8000000002000020000000f0708f4f5a29fc26dbb5cf855f29c18952ce168986a11aeb4ef59c06763bfbc0900000004a88e9718698325119ac01e1d1dd52665d47ede4dec03637459bc1442a2ca4faae831ff459b75d6b47630f2bda2e5887946ebc7a54db8d7635c212434ff46166490fd2df71e7df9bae8084eb71018487ae71cd64ad8aca7ae617043b2815abb9da379019e406072b0e6d62226c4024082dc30b6c3b202f5d509dafd97326325afe95150edd47b61631ec19ae87a8109840000000d8a3cde7af2c3bc517d2bd8fd38581471f2830e9c4a33d1686d8a13c321c18a244b0bd2392f90b4fda7d5a4279e2888c2b980ae9bc90a6bcbb85a3dc89161131 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFA3F491-C63D-11EE-AC1E-72D103486AAB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFA3CD81-C63D-11EE-AC1E-72D103486AAB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2244 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1680 wrote to memory of 1080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1680 wrote to memory of 1080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1680 wrote to memory of 1080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1680 wrote to memory of 1080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1676 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1676 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1676 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1676 wrote to memory of 2664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1712 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1712 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1712 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1712 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1840 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1840 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1840 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1840 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2160 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2160 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2160 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2160 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2244 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2380 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2380 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2380 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2244 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2244 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2244 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2244 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2244 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2244 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://go-case.com/main/case

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.0.261787806\1803478279" -parentBuildID 20221007134813 -prefsHandle 1132 -prefMapHandle 1084 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5b10e9-fca4-4bca-81d6-e28f6e14bb80} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 1280 11ad9858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.1.118886381\886535140" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {967d566e-3cf2-44a6-bc24-fc7c798d19eb} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 1524 1155b258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1412,i,2047356636272584144,1840960105156536972,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1412,i,2047356636272584144,1840960105156536972,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1468 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1376,i,6237416564970394367,2846630219387644466,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.2.594696583\1673830266" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2516 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1807d4bb-275a-4a90-8534-31b74a89facf} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 2532 f64458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1376,i,6237416564970394367,2846630219387644466,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2504 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2544 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.3.77664527\1123601587" -childID 2 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ace384-9e3e-4647-8787-72ee7ebb536e} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 2872 f6ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.6.614079473\670379413" -childID 5 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26142 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01df60e-c9f0-41ec-b257-cfcc3950a28a} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 3820 1eb10858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.5.381731116\1763555455" -childID 4 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 26142 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b6623e6-52a8-49bf-8f99-8759c28d08b0} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 3648 1e40d158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.4.350330518\2103731551" -childID 3 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26142 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c5568e6-714a-4974-8a6e-78873a95ba7b} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 3556 192bb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.7.1666870994\1832857911" -childID 6 -isForBrowser -prefsHandle 3508 -prefMapHandle 3512 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf93a85-6735-4b28-961b-4e798ce63850} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 4128 1f52f558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2904 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.8.1773046042\2119553060" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4380 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356ea5ad-1bd4-47f4-900e-e14d64c8174e} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 4500 217ce858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.9.73476831\695481729" -childID 8 -isForBrowser -prefsHandle 4616 -prefMapHandle 4620 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {769fd02b-a09a-41c3-ac8d-249838c5c3e0} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 4604 21587858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3312 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.10.633998088\900484001" -parentBuildID 20221007134813 -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 26212 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06bed08e-ed3a-4cb6-8898-cddbdbc754e0} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 4828 21f1e858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.11.2037608156\707513530" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4900 -prefMapHandle 4812 -prefsLen 26212 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60aed157-4860-44e0-8828-c0a79a57ea18} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 4516 1f592858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1296.12.1916708876\215715731" -childID 9 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7683961-8ad4-41cf-9249-fb5fd50bfaf2} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" 5224 1eb0db58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3892 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1296,i,4326574464105667638,9505710353633538449,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 go-case.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 media.discordapp.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.181:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.181:80 www.bing.com tcp
GB 92.123.128.181:80 www.bing.com tcp
GB 92.123.128.181:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 44.238.194.110:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 127.0.0.1:50777 tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
N/A 127.0.0.1:50790 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 play.google.com udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp

Files

memory/2244-0-0x0000000000350000-0x0000000000351000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BFA3CD81-C63D-11EE-AC1E-72D103486AAB}.dat

MD5 dade45745efc0f14c1808be0d55bb43a
SHA1 4d2fc2bbaa5504fa707afc4ca66edc8f671f6aa4
SHA256 9b13aa5878d36df1102317c528b41c5214a545c837a2388160aea94267f6d36e
SHA512 a438484664d3be519a39f19a720624bbd2a36eb22e9f37d19e9c918071a058ed6f6ac753dbc7439f6f6950c837c24ba149a2ef31b09973f0e119e533ef9b6925

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BFA16C21-C63D-11EE-AC1E-72D103486AAB}.dat

MD5 883ca93015d9682ba31b13d0dc865cc0
SHA1 28fbfa8e6e6f2fa67f6bfa7667e2fdab2f36b0d6
SHA256 cc9f03351d0a52753bee42122e6d7fd9616754ef9570a458982c815a7fb8665d
SHA512 6e53ad2c52d898d48176a3d23b0976ef999764f94076ce311545cb745125a2ec818bfd94008b4e91b0788fc4f2d98acbb5dec2e596bddd7ba13ca241774da09f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BFA3F491-C63D-11EE-AC1E-72D103486AAB}.dat

MD5 cd7940b36ac2fdea6d4e7f2adfcd4c56
SHA1 ae04a83ad8ca151393f98e2367bef18b73780bad
SHA256 aaf1d42260a874ec5d1fcc3d55ee3c78e91a4fd66781c51857661b89448c4b20
SHA512 345e12d6157e9db2784faa76156329d9afb53ef5ab5253c8e5997fc660a14fba49fbce9d0d41cd95c12af005aebbd90f1a4c389b38b5afeb9489bbd538afa0ed

C:\Users\Admin\AppData\Local\Temp\Cab2EE.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BFA3CD81-C63D-11EE-AC1E-72D103486AAB}.dat

MD5 ca0a6c183a9b821eba28e54747fefea3
SHA1 556e4bdc52161b129c61b7acd1e7379c7c782f55
SHA256 47e3b1489f6339895faf7b894ce56aa3c311f896365f617050ef73057382acbb
SHA512 47d1e44b60786ff61972df766ad530cb61eb4647e3fca0571a7415eb216d59788de3f31db6379fb390900dbb264f492193ed029589dd7d1406e4631663c400ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52b194b8534b59c557656d0a7f57e174
SHA1 ce1e9e72caf051d61c81e118a9c0e71be28747a0
SHA256 1ea513d0d3332681a6478138f07ab3fc9156a8e74002149c1bdc6a907371cba8
SHA512 a05161f706a42bbfe7bff88e61d6ad6151e892310a51f060b19ff452cea5bdc4ad59b47a1232d50c991dc6cec99781d7988dced79254a47b1961ead0e8852e7e

C:\Users\Admin\AppData\Local\Temp\Tar37B.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BFA3CD81-C63D-11EE-AC1E-72D103486AAB}.dat

MD5 2bf7c95bf4b02bd274739973eded3faf
SHA1 646143d2d466c7cf83b08358186c452e53112ba9
SHA256 929e1272fed21f0172b7f24fbd9c26f285c7fe61ccfe93846833ce04e77c154c
SHA512 a076278f89373c23828cf691cb0857e2aa61c32a4717f9d1dc6a51bf485a48ca56cf1594a0679fa7a58df12df57ba2f018669021f4f2b8594c89c02cbc25166e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6f83c8ac02c162790810906ed631f452
SHA1 b6688c2f982a9eb12e49ac288d7a6235827b06d2
SHA256 6d798b4c4b901f3d1040407d3aa79ab02651e46a80e9507cf3a714b944d219f8
SHA512 5652dabed84380af82eb338da4d7b66e6ca6c9a9221943ac680f7a6330c3dda14f68863eb57e66e492f1f0a3913e6118711c2829c4673d81213373cf0edd63c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 225b12c50f9782324410c9101215fa9c
SHA1 1fcf6b0c482fc867fef0b11159bf79e51284f71e
SHA256 457dffefba7aae773b34da630e02d0d7d5495cd7758454b2663fbdd259093cdf
SHA512 3e7f4de077895d9303ad7534eae264df4ee6e544ba21d2628c31ce5145121277615079eb352a37a868ab019a0044c2b382f0119e5d0d8f783e969a7f4971be98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 67ebf22700d3d9016891c79c0ff4fccf
SHA1 cce4f98e20d71bbb49574d56f3d4ded95fef3c65
SHA256 292dfdcc49a20870cfb598598089a2c50395a6c28348f3f006c4ce233c6e7135
SHA512 fd412b7cf9a2dcae1d83e0da2eb15946f8f527cfce9e0d27399338039d222b40916defd2effa103757a3f20e73eb703cd0cdd6370e8c188dee126e0834960dc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b0ba6ac0b54b97e2e5365133c1f17c20
SHA1 20583802e5c403f69a15bdbc178296f2b72c7e06
SHA256 61ac0ef1e2fb8c896fcb3990bdf4654270e9c7ea27234b83665eaeb367d789bb
SHA512 10f441a2e9cf7c439776459e1a4c7afb67037e757d53e6c9f96b006c1a792e5060de0f08299304bb09a360b987d0c7501c433cfbfcd476df2925463c8c8c72d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 267f3fbb231876ea1b3de1b8aaea1917
SHA1 df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA256 5157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512 dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d3fa5bcd4c9fae0b918874c82a52f13
SHA1 6a6f905eb82d280a4b9a41d63c3898f92a3f3af1
SHA256 20afbb60cf9236d23719f65eb46d946ee6e6c3ecf0f21326dd10f422ce41e0ce
SHA512 7e594f7eb74609e582269ed595fdcd977e80d33a630f82547c7feb0f1764703c32569c2959f1d9bd294dd7922d9b10733b477ab7e4e0e6e3e156269486247a26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b50690963bfab80623498b6f5fe5499b
SHA1 66c8f8ad9bb1f1492f7fce18621d9b89da7230cc
SHA256 fd7750c4f8504f9a66008551bc03ecd9111f7823a79c04cac6380f792785c949
SHA512 228f1d0e60ca4eadd6c53c68f7773e5a5fe69f72e881663e95f4e77e27ed923e19e4ccc51f946d70aa4ebbe8e6f1b8df8417b2fb9686f1a2f01d2e4079012f7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40a9f35d7fb600e09c45d365657bd92b
SHA1 5966f8cb82b4d7592fa506444e8666d8be7f8fba
SHA256 60716983b8ab0acab545dbf9cc0e487c1b218982e3a172cc97d9b2afa7ff126c
SHA512 26db16fd520085ee34730a359180f72fda932e625470655d3d115916bc9eb648ba770fa7ff39c177f09074a64511d1330e0dc8152b489b8ff66253056c6ba799

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f07ad9bf9176ee0631ac66bc1e3b12f
SHA1 17b8c83aaa06948cbd4911d5c1b47b88d3fc1eb6
SHA256 1b6e47de045ff5f0a96c0b1d357b567f5689bcfceedf3dc9fce645901ad6628f
SHA512 ba4adf00e313e01724b813a05557e7f89ce0869d5f14ae860967b6a415f880920abb2d1bd6aa633c47893664aaff9ec8b3b4e3787ff55703d2cb27c77d3ea8f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3da18a746e98894a0bb3591a97b76a52
SHA1 3cd98cf4e820854ee97dba1b354cd386e057d73e
SHA256 48ebc24d5edb65ddd3753cc2d01b57e39075ca6fc7d471f7e9162ab7366e80e4
SHA512 f2fded8c0878ac0c6b59630dde00197b5acdd643b3bf9e49aa4939ac68dba5b670ab47f987ccd485093969e31e9e7f635a5f436f0bcaadbd96a41142a59b2cfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cb7fb3eb5fb4b1d5b70348f41cc21fc
SHA1 50bb9a8b8c7298da807c89f481ad8eae60e512b3
SHA256 c76b918bf41acf1c0ff08177e86cdc5b55f59638ac6de5aef5253f60f3207dd5
SHA512 cb066072444eee3cb762f1088178486ce13fc17c67f206f886322b4ba196f74ca8a849292e4e9f4450b7ee4ce63d8bd42951b2d6af0a8d0249434bf7bae3d399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b0f1774b9eb8ec579a6b01bca12df0a
SHA1 aa7e127d94f22ab33bf635d8c8b58cd6aab3b119
SHA256 6aa9dea9801a20ca430950951530fc64bb91582f3f4e7341347295a1deb2cdad
SHA512 bab9a18f038333ddb55413d52df0ae857420487846139165fbccdfab663df8518501beab6978d5e9239c7a672645025d5e20ee1efa9e0dcfbadc9cd236e15145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 854119d1c7e24be171edb0c275901030
SHA1 b2133b3cd02cf0816dff256a83b4f41f8f4f485d
SHA256 b60adffcf68b5758a997836afedd8d4e3363fe7ac7c4b9a80763505fde68e0c4
SHA512 4ce39f69c09b70b54a3d90b39c25cb94a7a8085bbb9cb6897cc4196cc0a7aec357fd119448b54d3b143349213ff7db2327f0e34e73fd491eea5d5b22640aad70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1052e00f980e18b955d2d9ebb93be627
SHA1 05a788e74f0570af3a419680683e01241905c01b
SHA256 0e44a9dcd2a35afc3a268f3e709baed350692c2a6dd80ea42b00cf0fcff1d514
SHA512 09c0d747faa2c6a3088eadcf7006b9c3b96c30dfaa35262885da2c0f5d2711e65acc722a4cd6a266f732a56bdc709126528f337ab09827232f926be684c236a4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYLR5K9L\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 894e6c5c0a2290e33695f2db75c78ae5
SHA1 9e1b5c59d33b4f5bd947d9f4781a069efd74abf0
SHA256 83e6d71d4b10056674de8853430d5e4ebaf5f32209084f58e7942b8307bba384
SHA512 0f20f5ffa72461bd325a39b7e594667ee06acb68b63645c42a3d00ab46989ebcdc9114988e0ae196d32f65483d1b6fd74681851a911b307028b27e6c17f62469

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33677f99d13e8fb484c4faf73c66a430
SHA1 c357aa56b77cd13d96134240344e1993df5e9ac2
SHA256 1a04e7e9a4d3c3dce0334959a595c9fbf943e3cf1b187f368905103e62ca4619
SHA512 0554df63afb9728336cb07a104b354259da986e31ca10207b10babdc0816a001fc00c7d4a63bb52f894c3a8c797dcc4afe65ee4400c1cb60570078c910cde9c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 87d018c5e036dbbbf8d9ae31b85ceaa7
SHA1 c30c57d5bdbcb7e68b0f38765c80e6bd3ce0192a
SHA256 694b2044cf786c0e82584c23ed0563b5ce864849d8027d7e621381d0b54cdec7
SHA512 45dc068fce4554e1c2f27d590404416296b229196e91d79a525019f12531a8963b7b65f977e2d62ff7bb43448a361216e829d80ded9a78dff61043c29f86a2c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f1ec9f1bcb281902aebe880edb464c7e
SHA1 5f27d964b7763993a126de5a7527ef1eb046f96e
SHA256 1dc4176e45edb06b6149b814e82ed5340f39af9544e6366f8f1717675452a857
SHA512 c172dc6088a5c92613075e324d7be2227dde7f8504f8c1a24b6124a595e8157b8d53306409619cce5a4d2a84589f48e54778f257f5529d460ece52c2cb292c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ed1fd9c2066d00011dd8fc69456127fb
SHA1 5e87ef3af758dd74c87fc0020473d099da825e56
SHA256 a7ba1e2a8829e9c2282ea48e00109783c0a030fa6a384ba881571cae060205d7
SHA512 f707cd5933632b37caf873c9aa4bec5cfa5e99a1c0a1f11f90b71a7f1eb052854de4a9619d8aa848977b2a0bc3fcb7e8a0914773505a03dbbade284d3cda57c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d27cfe5176f76a39b59efe72e7f367f7
SHA1 8b006fb09eb13b86bec552053c460d7b6c4beaf7
SHA256 eaa5b874e724582018c36493c65346bd097d4b14084ba7e2accffb9e0ed8db9b
SHA512 940701fef5a007cce3f3efc255b93a1ba5ec3dac8339a1e1e91559f58abe099e19cc8ebef26490c178e3f2b29cc9607220c5adec1a45ffe490d4fe78820274ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57758baf0f423197f466fcc0d3a568fc
SHA1 8ffcdc76e666769b9e835c018c53b474c970c266
SHA256 c9a26d5af762cfb193f3cc5156c040ede6139598085cb800c63b64dd675f4cee
SHA512 dabdfdccb7aba41905203bd4b50a7715215da1ac9457c6dc6c578dce54132da08819d03cac8cdddbd01aec297c65d775a63c56cde73db1461a3857de74637b2b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 3678f82caaf0a849853bca81a3168d4c
SHA1 ccba7cdfd27b82da2fe114ea9b55ef799b5a8158
SHA256 1c09c19ebd9c97bad09acafe19fa2f31c8a6b473d6b8f8a76435679965559bfc
SHA512 76e2795ec8b0cca02520d91288606a0514f56ab34c15be75c42e30f87388cea2a443bc100bd0d2442dfa575f398e3a608104449540ed6d8d1231563a2cf79046

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2X55VHCG\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2UTA4NX7\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9RC95DSR.txt

MD5 6725a765198f2f7cc136e7d9abb5b0cb
SHA1 e452568656c31d1c0f3ff88b5af9b7e96eeccbc5
SHA256 f575c5dffce3e97feb79eeeba5c51e6b90918ada9102fedd38c309b7124757ae
SHA512 673018817764a4088f627897eacf237a55e49b3cbff4e56331b01c6caffcefc5ca102feb2f1d7cc76bb6e766238f7b8682036571b89e73b5dd145e37922ccd5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 aaf959ad4e01ad8c6071cfb71620575d
SHA1 4a2b054b9bfcb1a195bb9881ab98d55e08f2a574
SHA256 0efa05e7f293633d22d3ea1e29d1727e6e226c5deac94d210f487175924c3384
SHA512 9c78045da71c795a42c2b5b8c7743e58c0815bca0b09f8764ddac3de3e05a1ee3ace298c79b918940add17ceb726b02f85a49b654a92ec3aef114f995ad44ac6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2X55VHCG\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 ce5996f59cf51d36820e83ef55815bc6
SHA1 0824ec689ee65b726c1a032978d235c124281b3e
SHA256 83567fa2267772c82b0a4bd44a48ba88d09aa8c8d1b1829cb3db56cb91720b64
SHA512 5081d67cd6162d2dec61d24d168af4c7e9a0e6725bebf36e3fd1796b1e7ac921bea5ac548dd15b30066d2a5f40d84ce2d74fb86e21ea7dc17712d459fb05d2fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 2a1c54553bda7fb047aa6b946d82ab3f
SHA1 10edcdd5ae76c3a445ab2b1dbdfde9579f5d0e1c
SHA256 cbfc4d55ca0edbf07928966fd5a200bd00fe24091e2a74c7ce8e65f239c18dfd
SHA512 d95312bcb951df74505f9c3a4f887110e54718831dec9307d0515b174631266042184c9f791da8803c7fd5c82eb53a82855d2ac918d9e2042392ac0f6e26e65e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2X55VHCG\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PMSN1BT\3a012c1a689ae3df[1].png

MD5 96f113126e106726f8b834450192c44c
SHA1 4581411ec3fc7d085e4144acce9fe96219e46d7b
SHA256 ecc260ca82ff2ea807de78eae5c96a319140717ae737cc58c0abb52fc19a2aed
SHA512 4e1c2aab1cb29095c4009e02ff8673c990f04e519da18234c24c64dc6546db97db7daafd9d9a82d8387b275d176a031bcc3bafb1ae2c37f6b4a1d06b4defc253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c78575dc555035c975d6870fd510a53
SHA1 efe7a2219bd6a9843ee467694cf242bc55d5fc47
SHA256 b1cffe8da79bcce03989564356c883a9270bece4e69cda5a9de033fa84aac03a
SHA512 02a9aaa8d5cfd55f9159f69f02cbdf94d329cd239e8ebfaef955c3b0aeeff2074b4d6d659d1f84705544a067a75cff21f698cddae7957e5881f726c6f755157b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40584188e30cd02fd627dc29d9e92bf7
SHA1 17e529fdbc9c0ed7a9a7aefe73d1e72f64f94953
SHA256 d2c6fb4dfb6f15a667f414236a92b43273ee3e8139e0e3170ac278e37d64c394
SHA512 1b6cd5c003216303679bb4be5ff32cd8f7cc636938b0b71b5a11509cd6477f5b29a29560d71a99ac955d58a5dff76baf0cc477d70a89419928e32d0933e592af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21037758345a12ae8b52afb3236c81e4
SHA1 4e4278996a46f40cc1c24ee1bd97c34188e5c764
SHA256 faea3d8ebb3eda77b33eaa5bba844a1c0b2e76c00de43337bf8e189950b1db1d
SHA512 efd1fdacc4d498c2d409292d1c72481c3143b68a28297e9ae7cd150a60a270e5fc5ae7263168931b5207dd49a3f47d8caafa1f523b8be7d6a5a1d3ba67d29986

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e79b43952e4597cdb1f7bd5d132196e6
SHA1 613e1afa5ee7be741183a5697087c5b4bc5816c2
SHA256 c4352376d1e94fcebf18015e29d30072e1c56559a9fa05d92af6dbd6903a91d4
SHA512 4b1d8735c28515273e45e8b72072d092c54c930dab1b2b3ac64e0482fc24b11e5f82aeb3c7aaed763aa00db7f4722a02686ab96a5b3fa120e73eb48e29088d09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b24d5f7a02cebd618dbaee5403468b34
SHA1 464a5f1de35f897a30606c228a861d72f6ddb32e
SHA256 afe62bbce55369780da83fdc37e0a85d337b256b12af2383f64dca9f42061f62
SHA512 588d2bdf526bae14322d410b0bfca404b7abdf1c218debba355dc8fb43eb4bb4871a013f5933cebbb6783247c56d919356502984b56ed94d3e5352e2edadcdaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 202c92d1fd9cf6680bdaac6e61d9f378
SHA1 08236d816848211cb17ed4e711f98a874385b6df
SHA256 e38972ca96ac8ac42f9e35e84d450a0e988a5ef6b4c6fcb44cbaa63703b14a23
SHA512 76a637aa4fa7298ae69b97e9e09673e8cb99eba43b4b6ddff20c61dceb4bdd879a30e8c4336618afd3ee8737a408327008ab7d61bdcbd564dcd0d20810232a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ff0fa9133edd065934e75ace1732723c
SHA1 343eaf96b804d8f1e4ef2eff86c6b4cd25974c39
SHA256 ada39db963e51624dc357f941e5fff9855aacaad1478584051f24cf59b6146a2
SHA512 f6af58cc49acf463b340feba173729fe5feb253d9f45b3b433c90815c60ed8d276b246fb31e536c1202c83e4a99e4c080e85425239bad4669039e7d3885af069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a15b7cf67ecb03083b86dd7dfee4f4c3
SHA1 1c451453ba8c32a687a8ce943df55bb2629478db
SHA256 73da45ac1f2f86172c9b50c71cf6023e0690fe80654e76002ecbca0dab146519
SHA512 d5a197e0ad82d8217842300417ad0000688415fdcaa7a6182b5cd8f1423a940709ff5ff8b99c65e49347e240e97e95d423c143be007415a28447ab7345701f7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01a4ff1f8c316714de0ed6a32d108fae
SHA1 afd740b414bac1243a4b7fff03de37c11bd363c5
SHA256 b22b27d558735e0bdef191a1ba99cbf83e27d5de7641bf68dc22542b3eb5e3a9
SHA512 6a47df0ab0f086530f0ef2965055ef9ed1e292576eff0a3d9f31a8b5aba28ff17ace941de187182d8e5ba18129b93e94b903b2ea26adc92393abd1b147ee89e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32fafbb40eda8b52a3be36ad410e4b61
SHA1 1f5eeee29555fa3e58a5230f4fb3389a3c3209ad
SHA256 7f05d93f6570491efac6104750d669282430a1f25567269b13a0644c9d1ce713
SHA512 bf071b18e09640613793203960f32654417fac84a927b9106c8578ff33aacc864225a48df022dd6815f4469d32603c67a92a30001533f10b798928ddcddd1dff

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 8400975125e67fce5955608f9513d5d7
SHA1 f668c8268614163a390e6f118fdb2c3dbdf7db5b
SHA256 0b4a238b957b1ee2a34cc90b152d92432bcc58dbe905a720bbb868dd83fb51eb
SHA512 306faa8f72cdef3e2bc195fe4a8cc1a8597809272b087b4abbf2959eeb70c1fe54e51248ae11b2310b22e15e22c2ba4a9d840acc4e9fb778d418f508aa905e22

memory/2244-1466-0x0000000000350000-0x0000000000351000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1400_IBUDSUDJWQAVBGDR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\70e7a5cd-4420-41b3-a61d-a3c04ce69f1a.tmp

MD5 d0a9f4d6eb13504c4fecf1bd0c17389b
SHA1 28d08c7414418acc9dee8793fd22fec7af873d6c
SHA256 028f7f74a81bffed2306b375e8a28d82828d1a9718d5b600ff75b71e33a753d9
SHA512 3ed70f233d841c2aeebb8c0b87edfdf83e29fd8d3b3d765cc6146b73dc46ae6e2b25a9cbb7e7a1d67950c7e05d2e52b9481c114d8828e3de6e3e8f4c6d0c6de1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6192d8d16e0ed9cc89a98f07930b96c8
SHA1 bb94b6a8027653cb64dc8d4f50095d6a9f570fc2
SHA256 f134f1a16e0190c4dc16ae82e524c506d407b44ba9c06efda6b8f359dfab213f
SHA512 7fb93fbdc10d56c5ad4a7559a1131a934a80a759e1c24e8f1c86bbfbb7a130981f5acf5c0dac4d8522bb8ca1a70c1c78e8193a281195858930733f57066bf795

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 562a89ae09168dbf935604032cff0e29
SHA1 547af5ee89c246f09428d6eba24dcecea168ecad
SHA256 78cae0e9cfd6ff26ae6ca04eba389014d6c9373e921a773f06019ef105cf8e26
SHA512 24082f817682bcb7d4bfacf90dea569a61dc3a97d95a2628e8c168d0c5e726e0473b336c218410f8162c1dd351d9fc134c5f3ba20140aa0e0cae30a378320a6f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\6f5aeb14-9a39-40a3-9d37-23083dce704f

MD5 c7000d0e08420313798aed6c6230765f
SHA1 c5aa1e1a8abdd8e96d91312c6d11ff56d3ad84aa
SHA256 f787495d60963d0f49a7958e19b171841d2563a81321e1f44e4fe6fc3fd0f31e
SHA512 a65f8dcb29fd5780fc07d6a07d3c1e7ec8c4e663b8e5b609ed93081122894120bb026b946c3fa84ee24a211bd5eb623e4adfa8462ab11f4bc8134dc70e55e60e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\1a660d7b-30a3-495d-bc6c-67306f8ffb0d

MD5 868c649efc6474c0d6faad00b49f48f2
SHA1 b93f9b316da7eb76d87d881a60d205c54d99aec9
SHA256 8c6b22273140a804854c09ee7a6551f558d192e2382e2a190d85c1e653b6b80c
SHA512 6196ec01d3d2bf887f802a1d672f9ee7929e04b32632e9df7738e8e1541b35be78771411a7fcd35bae2d72ff66491325e0487cfd84d794c130344fbfbf33a4fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 33d8b560695d8327ea9a6ab774ebbef5
SHA1 f1892bb4493d6e4fced2dc40ae29beebf0eccd33
SHA256 bdc6dc45a109eae7f8fe8dd9b96b8d58fc9c531b559b00090ddc3f25e6d8f187
SHA512 376ee0b34cc45f8f8ec3cad8e477c2d11476e07694581a2aa1a168212d826e85e2c4a87c616838c8fe2db2df7c508ee0ff7993116e1d6ed58d278ab6d4bc0475

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 525c169052301cd9c503ac6c258af9c5
SHA1 d44a4269c88ecf6e2aadd2fa141cb257bff7dab9
SHA256 e4432e50d2821633dc4550e42f527a9150bf0e25d62319b0935646ae1237d5a4
SHA512 fada7e8c00a87fc0ca29274845a4da7c60595046d7792b546b9e46f300e9fbc0455e28aad300af865e7875c7bce6f1395e38a4fd0645a83e2ca378ab4eee1670

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0df0aeee0599f13a2a42d462a87477ed
SHA1 77371a57e41bf0dcec408bae67335da5f80fe1ea
SHA256 362e1c7cdea771e82bffa70c8176ac2b7be43c3c1de2f2b1c60bb19e41b1b3ce
SHA512 bc6fa69523d51a992537bd08a0ef0f1abf44c9ea2b784d388d881c2e2f9c44341b570f3e75e9045c3f8485d0457ac2ce7984fcebe5c17b7bae3a27c5114d424d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 9229a538fc468cfe4f31c05093911b1d
SHA1 be9ebae772cb8c48c5f87eb4b73d5f230b5c0c5c
SHA256 854e6357434b9a1e890fcfc4e7cc0b3be26d1552887742fccadc5360252cf507
SHA512 1a5600f0a5b9da638806271754b5d240e6eb751c6f34b59711ca762b180c1ccc606fdf86f69d9a43ca05b9e0b5aff0e492547484ab6592a6be4719ea8a3c410f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 41dab2503223d9622d78c84f26975d87
SHA1 5f80fd821f4c1d397973857c26370647345de378
SHA256 2468516cfe2a3e27323087f62426e2b28020dd124f32c06d6e35f0cf04d84feb
SHA512 c0a9b059326bfc5d197d1eb39aefe6a0cc922fb092d73ec6aca647bc47260e33c76613588856a8c666b1ac18dab445f7725a33a0bf53772a60351faa58c598d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\158\{53b95470-211f-4416-8fec-54398621789e}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\idb\3708876830yCt7-%iCt7-%ree0sfp5o.sqlite

MD5 ccade5b72eaeb307b525c3e1efd4ccab
SHA1 2819613446200b37a5bfb2b59297255b6a21870e
SHA256 60ba88431c235ab4dbd2d607f25924a8004c5f29e2395424f8296ab9dda802c7
SHA512 78089142d6ef047d0267a5f56442481bee7b63c46ba7a919b69603748eae5a76597e65b31980080fcc013dfb3e5dc6ea90d3b2b159a8c5ffc1fbb49dad0a7db0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769251.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c09ad8cc1cbd9942549741bd6b806f52
SHA1 7319a9479ba06833801757d668bb49184766e9ba
SHA256 6bffcc73122ab78013e9e7c05864f991056350dd0bfd2b12f279b2c2a7d919e7
SHA512 dafdc43c4f01dd46fb7cc188ddc75a6b4f3c5d03f1082d5f90956f6327218640a710f2fb179faa2558e05804884872208b938eeeef42c52ea048fad241e53a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\28\{f0c44c30-78eb-4977-b4c1-9eea35fcb01c}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\232\{7f8b6ea9-bb47-4570-9a55-e9907aac5ee8}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 7f8f7293619a9467af96c238603d0ee0
SHA1 409d353e02a22c6a153495ff821b2ae600be9043
SHA256 4dc63b6ce6b7efb3cd4bf7dc2d87d6568bc250d6695a13c760c4e79de775779d
SHA512 8e9208815a3a3bec0e9b2041a2e2f3d410ea53ebae191bde3df1c1433b59d91e99ef383120e4d0603eb90f1a8595fca240d5b153c3fa3c02021d1bf53a082992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8f4752f11440b26d3f6eb2296bc20b31
SHA1 882552cee33976807458973f3d3501a62bc31151
SHA256 51a8aa58e5a78c26c24e52f1ff258f854f686bf6ba87ca01464ac3b8e92ed70a
SHA512 aa2f6338966f5c0f7605227fa8c7558967ae63996976365929acb0261f820275a603bdc5627e4d0c36e62cfe30ab5721a90c61f2f25f1b826adc99c5d2bef80c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 20342946ba3002cc13d8f7aeace69462
SHA1 0ec302d5b562723305c02c11f7104bf13041ffd1
SHA256 c391552d431067de38b1c63d615d8ba85017e0d58331fda741c952e266fb5e6e
SHA512 cff0d20b37ba238d2452ef0c7c5848b3d3af7b44c03b60e0ea41e904f2e56ab2c7d0132eb116a4a779da02099916f78c1b201b5d4dc9eacab7ebc6d429c7935e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9d417f2dc9b8b6480757632238fe5ff1
SHA1 12e9d82ca46d1816281f415fac431dd5a0556dfd
SHA256 0f83b54c8de605c3e67098791a88e07aa2b93f831515efb978f4bce0c8a5dd38
SHA512 8795bc3f7e36ad15b986857d3e8c3e6db3a1961cab094258b31f77b7fd4b68a43c15e1de97aef877b4ecfaccaddfdf3bb691d6d421c8362a595fa4947e5b5168

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c03532eb1c693d80211d6d540d820d2
SHA1 372d53f60cf9e7de4ee147a97ab2695fa0194d2d
SHA256 021aaa70b9339cfb6fe98c7f563ff976a999571d3327ed82ea7653e39325f146
SHA512 4406fa0936655398752c214397507d1e3d116c73e589d0347b043cf880822de04c089a58befd5f26eca58edbb4434185b4d532d3973006b3fa71be1ca216528e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 aec6564b3ce10800c2a6dbdb1c0081cc
SHA1 55537d4da883d11791a854bdcc257497f83fb1cf
SHA256 026dab1724293b4f123b061a602de52054c81a31c7fa6fba8621f3a38c898f1a
SHA512 c64e0d187ab1ad0c7d357d7a9318a95cdd6e825c69fb3a0e38f1631f9d87ee6ae2987d38935ec95786df237712a3a022ba16ea977fd51ad8c4e36753a4546b99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 975ad34375120cfa29709575bf9c19bd
SHA1 76ec2e363afa8d1cf13afcd54493dff072262a19
SHA256 359909cc2ff9eaf74fc9c6c533e0ed8e34386a185e46242540ed25f2243b0a17
SHA512 e9acf07f860b5759196d985b86b027cf6990bfc98c9951e73b9abe1bb7968eeb2dd980552a4387b0ff3ffc058672ca5598f20c7710f2d2c66bd94e20acfeaf6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4a4f7af9-dea7-4b15-a1a8-af3a55ca271e.tmp

MD5 1e05ae8d395d0b0a05e7943c4a1b0262
SHA1 cd463153c81271c7bb3614960ca3d814131c6a9d
SHA256 737e6645210c184af1f6047e1c84569d7fb281013c13a0b4a10b196a62443fe8
SHA512 f6a9dc30cd1040636e1d715d74f578f8e045b24fad4320a3118830d013607782e272ab5d593f256eba7886659c0c52f72c7336306af15dbeb3186387117d3326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3feea58745cea37183cc9b545c34be9
SHA1 da0aeab00cb45d0ea804ddc6efb2a1f9a8fdfac4
SHA256 04c5c83645a012451a77c16f4022f151cf38d43dcc37100f2fe34b9789c5e056
SHA512 fbadd5db0a05cf4cde7b17d19ff74f6384f5e7263cd7c05c853c7cc034d925e9564a590f3ad9b70df7baf3f576170b5e1c53345a3f5124053356f71f111a106a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f092f49f96070b7cb69376567d8d8067
SHA1 8ba4af244d64fd12edb8ccdb51ae1d39b0571bf3
SHA256 87b39b26c56324a1b997b7d0e526406979f9e508c1d1dc5b24fc8bbab949a2e5
SHA512 9f266cd06c7f1216dbe3cee528c5c141ac9b3e17af4e3bbd590ef4013bfa1a39f979b2548987b145ff6643310304203a114c107f3cfa6fd9de621056ea96bdc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48f292d9e7aa6843e1a3c0fb410f8dd6
SHA1 42ab0379f6b663f23bdf94aff8c090199fe9023a
SHA256 5a34ac666d5a707db20f9baa18367807bb608cc9f4b29146c65e85e47710bb6c
SHA512 6782b5e451a7b07a16fdcd057f4e4b85e0c7ce36dcf6cb1c692db948f4e35a33e0dec3108b002b209af1a4ac92b92780ac7ad8d75ecbac9ca064e2d995b4b9f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdca861d31936f2862a79e319c55bd87
SHA1 fc6e5e612a00e7f36c1814b8390537e50af2b321
SHA256 fab6415aac6e947fd600ca562a0bb2d346163c5923cb5e4eb45b070cd509a025
SHA512 156900a91dc8e24b8b650955344058e2f43a2f7fb3ac3cb2709029d016e66c573bcc45f008e4575da24aa788edc32bed76b4d5614097ca2198858ddb44f7253d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 82fe1b8ab94205ea8cfbd2a1fb96726f
SHA1 3c6e00f8a46fd7a376e32715c3b5418c70da1c16
SHA256 a9bca37b1b3e2efd4399c64b30548870df2bc47909e9f28e14daeca20bd393f6
SHA512 3f47a6cf31c7f882e4e9c94344f45a07cecddc974c68e76377ca486406bb0a97b01574681e681ee0185e69d0d05ced91c09e209f03cf736648e5b4293f507d6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 a1b2d6c6360109d852320b1997ce2f12
SHA1 fab4b453ad0f10e9630bfff16f3e90d5fa95fe98
SHA256 5287dc55906ddd62a60af4f813bda7244b892146de500d56716a8d2b8ab0bdd8
SHA512 1ad513b5091b682a654039ee98e1ea194e81bc6a9d619727a1a0433172a6e314cba99d343c31bb132d8c3a82e9bc434a7ad39bd6e7daa07c2504c003be1026cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f38f9a67bcfccd0487f9d25bb8d0bfb
SHA1 6de4e1073104da5662a049332c71a15b4d3045f7
SHA256 e954cd5f2975779ce3c3f59f12b3ce2c032bd241c8f018989788efaec7da3d8f
SHA512 9eaf09d7615783ff2f644cf4ecbca96c0ca933a94c71e07b40ca9e2f9bb6bb79c81343b3b7bd6b76f5a6a826d5e2cf73b6e9f21692d5a2441ffb0eb353dd037c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d71f1ebf2889affd7ffab50161f44151
SHA1 b81789b46c1984e7585627cb7fb16f11ccf9320e
SHA256 9a7d1e1d059cb4dab59c3a145761c34f28332437b4c43b23779c92773e712d08
SHA512 03f2578c6325cdcad6a22c27d42282efd1645d1c1b6bc62d661866de4c30654486d3ce21865846e5e63f9976204ceb33188feef48ae41e53b22a6d4dd278d487

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fef61730f463dfc526e2b991e365845
SHA1 d6ca4151815489036f1e6022a6f07e84a6ca964d
SHA256 939c284804bb31949af1b1c0c3820a884ef311fa6a02de28dfc4c1eb160a7593
SHA512 b884e435b5f7b6ff7c9a41e0709c5e67df54ba05c4ba027bb9e72fd0a162ee439cca8424ec9fe4975c222c294578a0086e8adb158d70e9bd5c48152f87d0c4cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 616bd5420bb43b277944e097e3d56cdf
SHA1 f99f8ed344023993a3ba42ded371433a0cc8339b
SHA256 ad33853eb27ed40676be9559f4e3cbb90fff7bbdeaba0acb5298ab171da1938e
SHA512 e1b497b62fc0d31783c1936758b44de700f78228370f3e05ace3765b7c20946242c149ebfb7c0f44fa03b757fc715e1f00b55435520edd886236a326e2ef88a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 04ef4f63332911d025de53c294c82ddf
SHA1 26974c27e1e18aaa258687f543e87aeb176e915f
SHA256 04c420b4973b1b43a7516b2ff8eed7fc359046a3edc93fe99803211f4d78502e
SHA512 f291f677749c224400cd59758fc75cf7681650b9773eab03f71c49a9f37a242be497f1b2a3100dba05c143692124ca148d9864e42bcdad26cfdac42e76c8a37b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d00ecd02cdae54ef0df1f8db47ece8a5
SHA1 ba57b7d6df8d28b83fbc61353b6162a992dc5baf
SHA256 544b4403eafffd118221027ddf8ed8b1f143349547e5cd01acbe0187032d0c37
SHA512 bed4584dc8bc28dd2066bbc6876cb661334b7f035ce368410a55b637f9ef71f709e8c889acd1f75193aa602463293aaaf21f28ee8fc7b982369798767d48d881

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a62caf91f6893b5c6b6b0264de3ffcbf
SHA1 d35bcd6ff9242b3c10a317400ed9ce97af677f26
SHA256 b5fd54477aae99f36c409c0ef42b5c6455521ebcb5c5c0f0e3cda295fb4a7ca2
SHA512 43c3919fbfc84480dc62e93bb95047bad0cdbc7c216ba7ac7504f559f9f8510ee779329eecc6c23cc2c1621a4cb12a4792bd33cb6c902f0a37bd0668dd4016e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 bca385b6641257fa0a4e0901921401e8
SHA1 cc23c335eb861a8a88dede9b428562151dbf5817
SHA256 f266a0e43b43d15e5706c8eead5a92abe536e685e2ae7d54712a5db890b72bbd
SHA512 a7099b6d3525ae54ea63c6eb18b39214a43ccdd870b1cdf0e73f53f5c7a160ad73caa16d690c0809b7d1861dd6dc1eb0eca7e3c90e02dae73e6e0982f39e1c49

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 04:51

Reported

2024-02-08 04:56

Platform

win10-20231215-en

Max time kernel

299s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518417092876228" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\go-case.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\go-case.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 330db49b4a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 40036b824a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 996cf1814a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d09056d7bf70da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 679ffe974a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 592 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3504 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5696 wrote to memory of 6012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5696 wrote to memory of 6012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3504 wrote to memory of 6060 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 6060 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6060 wrote to memory of 5860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6060 wrote to memory of 5860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3504 wrote to memory of 5160 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 5160 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5160 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5160 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3504 wrote to memory of 5312 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3504 wrote to memory of 5312 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4812 wrote to memory of 2660 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffacdf19758,0x7ffacdf19768,0x7ffacdf19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffacdf19758,0x7ffacdf19768,0x7ffacdf19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffacdf19758,0x7ffacdf19768,0x7ffacdf19778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.0.937261613\1391817240" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dbcb2b2-a229-4f64-b9da-04d8e1d9a1d7} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 1800 28f281d6a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.1.1136353755\252094147" -parentBuildID 20221007134813 -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bde633b-2dfb-4a51-a3e4-da78cd2a8d50} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 2160 28f15be6a58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1728,i,14827550096121622612,1700361676923658907,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1728,i,14827550096121622612,1700361676923658907,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1840,i,952082959327573121,4683362845694502926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1840,i,952082959327573121,4683362845694502926,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.2.54800569\1377661420" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e838f62a-e750-46ea-a35a-6eb61873bae7} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 2824 28f2b7d1258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.3.531769452\448827449" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b027979-df48-46d8-ba16-05e3d6fa8391} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 3492 28f2d20fb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3764 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3620 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4680 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.4.414266672\1340946333" -childID 3 -isForBrowser -prefsHandle 4300 -prefMapHandle 4544 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16fe699d-14a5-4000-810f-e09e8aa4921c} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 4572 28f2e2b7358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.5.1568535883\1644984325" -childID 4 -isForBrowser -prefsHandle 4688 -prefMapHandle 4696 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00f760d7-d0a1-465a-b4ff-11d01ea99211} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 4792 28f2e620458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.8.47268992\2085989651" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae8d1374-8ef1-4239-a478-bf9e7c41c948} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 5592 28f2b782258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.7.1182963612\1146092088" -childID 6 -isForBrowser -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d173b08d-e9b1-402c-ab5e-f31e500c0fb1} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 5516 28f2b785558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.6.1327431533\1307106348" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5240 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97731db1-5933-47a2-ae02-39a43a6f30ee} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 5276 28f2fd18358 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.9.1013131627\824104185" -parentBuildID 20221007134813 -prefsHandle 4008 -prefMapHandle 3960 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84088a4-d63f-4473-88da-46cb2d9c53c1} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 5448 28f2cf8f858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.10.947332766\827346866" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f686aa23-5fd9-4705-bb42-d7fff7d37794} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 3904 28f2cfc1458 utility

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5384.11.438326631\1727052380" -childID 8 -isForBrowser -prefsHandle 6204 -prefMapHandle 6140 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 996 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95122827-a79b-4300-974d-0c0efb33c2d3} 5384 "\\.\pipe\gecko-crash-server-pipe.5384" 6188 28f2e9dfb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5360 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5392 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1876,i,17952218600868527360,16930559869226863496,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 go-case.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 146.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 232.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity-a.akamaihd.net udp
GB 104.77.160.221:443 steamcommunity-a.akamaihd.net tcp
GB 104.77.160.221:443 steamcommunity-a.akamaihd.net tcp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.214.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.22:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 127.0.0.1:51480 tcp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 201.108.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
N/A 127.0.0.1:51496 tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
CH 216.58.215.227:443 beacons.gvt2.com tcp
GB 216.58.201.110:443 www.youtube.com udp
CH 216.58.215.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp

Files

memory/3704-0-0x000001A736E20000-0x000001A736E30000-memory.dmp

memory/3704-16-0x000001A736F20000-0x000001A736F30000-memory.dmp

memory/3704-35-0x000001A7344F0000-0x000001A7344F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 eeec411f4c4f2a9cce3e95ad9197ab95
SHA1 f1a78b1af81e9415825ac4a85c1bfa1069771f53
SHA256 4eafebd1d4a26163190c5225dbadc4e86939c5919bb0aa3d2091e35eb3ad89ca
SHA512 97ba9ddd2c0b798f380cfbb35c50a22304bcd0a73275e9f4188ed8c57a3ea5d16be4cd5beb9921601b6939e8eb72ab01c0ce6f881e4ac26d4871f86b1b55faac

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 267f3fbb231876ea1b3de1b8aaea1917
SHA1 df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA256 5157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512 dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 679d332d9d3b365690a02251a56f76b8
SHA1 7f19d20585bf433b788d9b5e279c37f484c6fee8
SHA256 979d97377ace8ff039f8ababc00585583117360677b39e96866a12487f4b3027
SHA512 1a4c419da39c00ac2ff36a2e03735cdcd96c4587e56c776dd6c4efd997a2e5780f856341a6eb90113bc24bb85abcedec6235da66a7c620ae2006ad75e25be977

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FO0EJ8DC.cookie

MD5 ef500d816fcbb856283d857344897de3
SHA1 a983e558340905cdf5c0060f6e61c393c0108586
SHA256 5723901378b62389078e5009d5cdfd34a2f05cd1506cdba8ebe2e2cd2b5d4df5
SHA512 962946373557057fb9c0a64dc4d1ff1f43059612aebe6b35d59f32f49b740ced4ace1e8d1c0806670e41d89f57cc0ff5154e4c989a9969746ca1c3c6ee9b8551

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CB3KWAWF.cookie

MD5 f8cfa6edc4cf6617fc7d439c45a26ea9
SHA1 6e4acb19180fd6dbbc9b8c1bc1ef95c5ce10d17a
SHA256 144ddcc46bcea5e22f13830c664b2b13657dacbd330f39e2a5ba03b03a54de7d
SHA512 73660a626a1a6b751d951049a7f90c8e4342c73e354949ee26b0751ff31b16bd7dd18379caae090379f3171e5da1a58b865d62b0076893c0b3c5b380cf21058f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2ce161daf2d377767a495030f39970f5
SHA1 42d379eb37861f6ecef6ac9a2320f45519e62fc2
SHA256 4889b89a0e8e7f9893e1921db65932819ee4223a90c3285ed6c4ea81276f704c
SHA512 f7b04cbd66aeffd5056e6cc71f40fe12682c37e42cd02ca18482f770543a5707b95d7e7900d880a5a219a19f673d2e7884386843bb7b9a15a5b3ed07b60fb70c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\N8GCI2ZF.cookie

MD5 67a4bdd90c666e134f8a1994e7a9bb92
SHA1 268aff49c3c27159d1e482e9f289fca5b5d6231f
SHA256 adcffd589ca3965227782ea38cd56563087ae4c89c295b5bacfbc6c7ea42a051
SHA512 654a2b125c306bddf8305becdb24786cc9358cf743e0df29a1c178e81ee9d169da98107350fbd6bfbe1675f281f0db72ce0bde15a0ecf970c4d0df44bc80d8a5

memory/1116-143-0x00000155BFBA0000-0x00000155BFBC0000-memory.dmp

memory/1116-164-0x00000155BF720000-0x00000155BF740000-memory.dmp

memory/488-187-0x0000022CFD3F0000-0x0000022CFD410000-memory.dmp

memory/3396-190-0x000002BA94810000-0x000002BA94812000-memory.dmp

memory/488-194-0x0000022CFD310000-0x0000022CFD330000-memory.dmp

memory/3396-197-0x000002BA948F0000-0x000002BA948F2000-memory.dmp

memory/3396-193-0x000002BA94860000-0x000002BA94880000-memory.dmp

memory/3396-204-0x000002BA94F50000-0x000002BA94F52000-memory.dmp

memory/488-278-0x0000022DFE530000-0x0000022DFE532000-memory.dmp

memory/488-280-0x0000022DFE550000-0x0000022DFE552000-memory.dmp

memory/488-287-0x0000022DFE5F0000-0x0000022DFE5F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 8b0421806122b2035dc67657fae5b6a5
SHA1 642f0f67b2882f9b3d327845b19c309878f4a131
SHA256 d724a3ec5a7cdd99bb0720f249690c62a3d6f6a0e9e46c858ea6d7d062e93586
SHA512 8481e3346a460b33bb25c854623697d2a3b2f0cbc78cd1a32e941d96ba3705a9782f8075f6665bb62a98eaae5e48fb1420d44c52f01ef0bf619a74b3f6a98bc3

memory/488-293-0x0000022DFE7C0000-0x0000022DFE7C2000-memory.dmp

memory/488-299-0x0000022DFE7E0000-0x0000022DFE7E2000-memory.dmp

memory/488-303-0x0000022DFE7F0000-0x0000022DFE7F2000-memory.dmp

memory/3704-325-0x000001A73DA80000-0x000001A73DA81000-memory.dmp

memory/3704-327-0x000001A73DA90000-0x000001A73DA91000-memory.dmp

memory/3396-326-0x000002BA94880000-0x000002BA94882000-memory.dmp

memory/3396-332-0x000002BA96A80000-0x000002BA96B80000-memory.dmp

memory/3396-335-0x000002BA97020000-0x000002BA97022000-memory.dmp

memory/3396-337-0x000002BA959C0000-0x000002BA95AC0000-memory.dmp

memory/3396-338-0x000002BA95AD0000-0x000002BA95AD2000-memory.dmp

memory/3396-343-0x000002BA95AF0000-0x000002BA95AF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8A1Y6PVW\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LYACF4SK.cookie

MD5 81ca009a794c83f9e4556495c8c74552
SHA1 9a2bed612cd1a46ab1fec29ac65a4374924b214f
SHA256 057ddc20f9a266d05a947ba8fa580382502fc60fd01fd4f2fd310044ab322efd
SHA512 87ee0f0dea702543c24a27bebf10002f1a55632f622aeae0022d0d438117e67dbaa73cec5ea26cebac2b515e792e5b57698cc94599a00a039c2e2d7faf9505fe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cdc48bd8440efa901e9e0d2346462eb4
SHA1 5764c0d20c192511763386f7f4b53767a15fb674
SHA256 02ea6070dc7d13d97d0533bace8a4b36eb7b31f54bbd67b5019ef1f1eeb884d1
SHA512 1775236818421cd463ba74f01befe8f0ce0efb4e362e21f7a6ab9046713ce4003ed32f3863ac4c2ff898a6744d2e83ffcd7c0546e5961f65c333dd531887d7cc

memory/3396-468-0x000002BA99250000-0x000002BA99270000-memory.dmp

memory/3396-470-0x000002BA995F0000-0x000002BA99610000-memory.dmp

memory/3396-472-0x000002BA99610000-0x000002BA99630000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\12NYW20S\jquery.min[1].js

MD5 220afd743d9e9643852e31a135a9f3ae
SHA1 88523924351bac0b5d560fe0c5781e2556e7693d
SHA256 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
SHA512 6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

memory/3396-661-0x000002BA83CF0000-0x000002BA83D00000-memory.dmp

memory/3396-662-0x000002BA83CF0000-0x000002BA83D00000-memory.dmp

memory/3396-660-0x000002BA83CF0000-0x000002BA83D00000-memory.dmp

memory/3396-663-0x000002BA83CF0000-0x000002BA83D00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SX4W3IZJ\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\qgcyh8n\imagestore.dat

MD5 7fb970a7596c04eecba15739dc327a4a
SHA1 c7a2553764bb43d411f638a786db9f186b525ebc
SHA256 f391a0daacc11a75ce2405abaa5c7560043498e1b20bad8fcedf2c6137d7ce5c
SHA512 16bcf1e051798fbf5b679370b2026ca79b751c544d1f1469979457a8761ff6f83360bc704a9b5cd4509a0f1ef80c6da7b2b44e54fe2696b073e3e89e4528de97

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6HWYLCHD\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 a36695d5ff795e01c096567ab0a3c355
SHA1 9faf023ddeff1f07617413c2ec9472257bf2c092
SHA256 817d80886835d5e92b080a904ada6dfe60e58c599369397783cfe30d9cd4e223
SHA512 bbebd0c5c9c42fdc754da2b6e4839955ff5c1d9515ead2991f6c95204b9b3c2885f6e40b1f7447b5aadf7c1aed16a1f1cccce322b3fd2efa5ce4a096465d4729

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ALZ35MZ3\3a012c1a689ae3df[1].png

MD5 96f113126e106726f8b834450192c44c
SHA1 4581411ec3fc7d085e4144acce9fe96219e46d7b
SHA256 ecc260ca82ff2ea807de78eae5c96a319140717ae737cc58c0abb52fc19a2aed
SHA512 4e1c2aab1cb29095c4009e02ff8673c990f04e519da18234c24c64dc6546db97db7daafd9d9a82d8387b275d176a031bcc3bafb1ae2c37f6b4a1d06b4defc253

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JOC0CD1Z\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 95e4710f740e28c7593bfdc1de7ae263
SHA1 b37b6558db0bad67426af341b603c8343526bf14
SHA256 75d18f95b2b5c62f2343231369e5649c5c515b9211cfcf91e120831b61bbb2a6
SHA512 fa6d1ac85a277aba85267199c0aef0968932fc8e534cd834c432fb192f2b0ce423864f03c352514203ed4236ab9782dd0dc14923ff206143f31d6f60674d68ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PDZV5NNF.cookie

MD5 5bbf8b39aa0be55a175fbdca88c70bc0
SHA1 01548bba9dfcc3d1b766603523d3f20a0e43c39f
SHA256 0a6dab6129efa95ef7928b2d2845806a4dc27c83c6f6b4c1942a85e1cdee49a9
SHA512 98acb0a957531b2c98596f81bd64f59573bd1aa73bdfc067bae9a66e380ae7284c2c9fddd3bd17823fa5192ca9425663e1d73679839cd0ee200048a2e7234dc8

\??\pipe\crashpad_6060_EDFWYZPDESURXTXA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8204dcb87bbae5fd48d767b95f72200
SHA1 948b0c454acb368a2db7a2ac39274664de6fc646
SHA256 8b4d173851b35fd5dc4acf171bf9aa0379a3097e72f7012b8ab9d8561f934fa7
SHA512 5be82938f3a94e947e475039f86938a83137667c56d21433dc6e6a89cc8473b635b2853425b5a3a175aa5a9c8767338c4cdfa0fdb09d71c2418ea69d547e64c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7f346b24-5d94-4b7d-8cf2-fbba47c3ae9b.tmp

MD5 48922bdc305f3d7925320546999c5658
SHA1 2425ced80fd02d4b680f4a30af9f5595abcc3fa7
SHA256 7d2b74b03e81874855ee76da180153e6bdf3d9fd2ec9d0b018f97b2242430fd5
SHA512 d49e91960f67ba0f82d83b33592f1cd11f10034306dfad29e8fe32842acc39f8b71c71e96479680a11b91e754817a62b82524c539db8538f2066e28d5f0ab53a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\db\data.safe.bin

MD5 6a42f877408f11c0d4deb3bb61887609
SHA1 204e0744e40e92efe5c7fa6a9d01d829dfa4a30e
SHA256 a6ac5cd47eb479d32cc75b05bc95f57ecd3212ce435d3461ffea175171272b8d
SHA512 5726e73a5cbdf658d42a83a816f9fe70577c99ed2cdeac23d00ae4a2f387114911deabd24bdd765b7098f9dddacf6338775de425c7cc133bf5dbb201fb32df99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\e489edca-125c-409b-939d-eb97d930fad2

MD5 e855a04678c574f0c1a3e9caef4df6e3
SHA1 b36c055c54cb5983899720840df68666bad27e92
SHA256 4c53e0210357071a1fc3fa3a0fe10c4a0567885b385f4ba9a027dfdc97e9cd1b
SHA512 0fe63ddfdf3aac925e8f5f1cd67f5c417ca290bd53ae3a0ea0e477685fc42c1ac822fb252cec1c3ed3ecaac3514314e91c724111e93601f8d804c9beb625d4a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\0391f11b-a85a-4a13-b53a-c376bc283aac

MD5 83f0cae63ff556490159401a2747c43a
SHA1 129a73f2b79f21f1302a7783c7a30d590d3be6f0
SHA256 bc2503b8550ea81ceecda8ea6a3e874d1a8a71e3209234bee15f85e8f3fa0da3
SHA512 d43b2903e9840eb701ffd1e15fbb772ecbebaedc1ed52aefc1b8ca8e7c2671a7d418e573b449c11b988564a5ee53bc58ffe2ab7d84bc295a612ec258a7bba19e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs.js

MD5 324bea75e1328dd6e367baed48bc19f4
SHA1 6162ece23456f210d024185c002d39a22c0415b6
SHA256 b781b892c7ae05ed8166ef171b0d1ac956b69b819218ca79718a3ae165c69d37
SHA512 3dc8ffb9b08c221d5c9ef3a8505d6c96a7b2c1daa7411c89e628b0cdd58228053262d1e0bb50efe2056e001b3d6bcd817ce1d2738241290cfdff1d0aac44936e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 512174de4daa32a286a0c4d587ee9106
SHA1 14ab5355a22d5dcf9fb60e4a716dd4c2cf6feceb
SHA256 e2dd7d9b0d05e75bcad7e0307cd2d5141c8531849c90e2a7aca542a1fb083cae
SHA512 cd4318c0578c3380f7e9dbcb48f5de1bbe64c7ed2b04c09b5e10a46cc584f77d7caecfa1b377651884543752d3b298a4913a6c9e0a93b5896796470857338306

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0ONNECOH\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\12NYW20S\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F4AYQCBD\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

MD5 cc5c53200913dca218bab4f905afe4d8
SHA1 52c2f3be587791096c9c0131b4d7838bc9652a88
SHA256 bc974538ca418a3cd6dae425507a1229d20f5af85104078970ab607d83bab220
SHA512 e496aae4c297946d9f5a1edcfe242449ced990f3361a5e14ca3ecdef97728588f68952197b38718fef66e2b7b6b8e3630aacd9e03083669569d2e61a97e0d52a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\www-tampering[1].js

MD5 e2b71f92d13ffb96c2387e583ecf4f53
SHA1 08d6a00e00fea89db40f7ba6120913ffbe29ad4d
SHA256 41f09dd845bd7d700be0517f8fa0ab45f67da98fd20c8986578419d6125a5fad
SHA512 2720062fd56a7605d49c9fa3d18151dd4d38b9d007e7464511017fe9be90c54b11af5506b876ff5ede0ca263b357312196c360a11fbaf9da6c3ca3364d11eabf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0ONNECOH\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F4AYQCBD\rs=AGKMywGeiBUuq5vqE4SKSRdxHIEuINw48A[1].css

MD5 f03ec51f25ff402faccecb54edccc72c
SHA1 012394b44c9865e3157b690cecdcdf3efc4ea851
SHA256 bce5028128a0febe1fef4783fcd1a8fa3a26e602c9c4fcf495d6f5f883fe0def
SHA512 e3a2b289fd05eb604aa79a1937a36f89eacf13bfadd35a5a320f6313f04f0b364aecb7eca220b340b1e2a9dbe624a2b8fcb2b8a58ce72ef4c2188695bd17fbe0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0ONNECOH\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DVNCEISV\desktop_polymer[1].js

MD5 9611592459c7c48d4b5e81c1a5c2b6ca
SHA1 f841119b451307e9663934229732760a835ec0db
SHA256 082d5102de1ff548dac023a5262187e33f070c340c51603e39b1c5f646bfbe80
SHA512 255a152ab0f2807d7cac8ac96833047b00460ad8f58a9a48a3e6f8ce05e581bc84893f08c963ab238ac467434a5b34550103d90086d0439d678dceb7605d4da9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\12NYW20S\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 ffbb0836709f77fe01dd7b0d01dd2f76
SHA1 8e737ec46d21aee1b031d4d228960d4835d5bd31
SHA256 204e10064d400db8fde93e883a96472ceff283fe9c9f8211a4ef91719e8b7529
SHA512 f19718088f702fdd51df0c5a1daed5b7c883dfd08a2d337f552421572157f41d86d0f3680c2dc9bc48f449c3829493007e099aa0a24f9dc9268363640a6486b6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 083896730e345acef925977e466376e1
SHA1 3d1597320fb559fc4e1c0548929e1ad445740c66
SHA256 3bb50e8cda8c72d788d40d215aacc4d4eac08483dd91a756a0385b4d91d40d20
SHA512 b1aeaa225611071c15b75e07c295eb9a74f11fb6b6dac577f65db2f47e1b069006e0eb62484f90ac7a13dc5d1f379b2dc15edf807188dad9ef27bfebea13ee68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 703ccff12ad9d7aff2f5492949516959
SHA1 cea239504fe07446b898f3e03618867654afc090
SHA256 c9c1903d7c936a387d042d88c511a3c110540f6f3681e79746d34f5b53012df6
SHA512 7c04ef96ce37a37412375abb89dae2a568a863f14dfe9b1e0011fe7abc93a46bb39561f7eb0f6e4950a4090a4d25d8805a7b0b66220dc4e3360cddb297e01d71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4dcc0698fa3b13db723c73b72d0db511
SHA1 0b2336be2b32e630624fd7407eb09391ac116402
SHA256 639c2f0449f7ca903bf74e5fa09e46545849d496c4a0abd6a1598874b2b131fc
SHA512 2b2c30be660f226e521c4d2e43d522d9b99d67effcdf61fc922b49b4e96506727150d2528bf521fb7bc9f4304362746008cd3ad50abfdc74b085b2240396e760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01fee2a2aed213f1f2809c4012c368b0
SHA1 4e0a118c8ccbba2e847c44b73559afeef662ac36
SHA256 ea3d57f6f1795aeaa591f04e47cc5e5df97af4a6dea179c80eb1f695d6f17cf5
SHA512 e1ef6fdc5304fb36e485c3ed7d6939b7bed569fa8663c9b49762ec80f86154e51349a94c204d87e9672d269f9a6a40c4c7105f5d9082e934da0f44d0bfc30d8e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVCMQBFA\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 144ecc84389c817b78bca84a156e3d1f
SHA1 6f08cff370f8c2a8eb569406e0743b7e1b56d71a
SHA256 b18e5af28cd6039b9c627def0e0d3ae8abf58ce7e2387a376f0c4462ffd9f02d
SHA512 c938a2bdc0831990751f181c5471e4b2f00af48922e097f1d281ad455d08878324a75d3c9ee319e1a3064e46366c5bd970b0f0126515b20eda3539fc1776e9e9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RKCTJFNU.cookie

MD5 aef67830c49ba8369bf44d3e24461416
SHA1 d5467cdd242537944e2fc77a1b97ef48dea37270
SHA256 010c6ccb757fad58961a02b37e699d5600375158eb8c7ba6aec56339e0309ff4
SHA512 ff0acd3454570b55f6aed1b3c948b7993bb8fdeef49b367157e58266ba2d1ef18bb256c864349fa20178d0861a89a127398713f9e2267adb1acfa1fb67035a57

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LWMD25Z4.cookie

MD5 434b570a9ff287dbab5860b2e06f737c
SHA1 448e145c19ce00d3dc72aaf9f856bea52cc01c77
SHA256 cb2a26a0f575880cb03b12b1e254161a8be0bf8f1959a4c84e9e8b6a24fa8fe6
SHA512 62df31a34b7d648a31ff3ecdbe8c91ae76f766228030e2b4c3797c2c070362f7bffe7c9f904a6ed225b536dea0359cc80aa17aa784cf8eb81e3087dbf877671c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\cache\morgue\131\{1bbcd7b0-d954-4717-bf6f-a06bc55e4183}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\idb\4128163033yCt7-%iCt7-%r8e7s3pdo.sqlite

MD5 78f29a7c12ea8e5cad1003a9f2e45de1
SHA1 90bd9b90cbc22eac3445ef36b346c7f64164d0bd
SHA256 85a93187f2ef334f9853693cede996c067854eb603aadcdc29c438dccf9fa64e
SHA512 595e7b4d702f98113892d7f25da29d2eb8d5761896972e01d3d3df6f35d78ee4f7361765b1044082206a4bf1ee8e337e93f863b5924d9d986d2e6bd5cb77e5aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3d4f448944ed2a61142e24df372334e4
SHA1 884f84e2075b839c469d5ffe2fbf1a0df833104e
SHA256 eaf94c36848c4f2b781d4b24a93dfb64923f6850bf26e5b3da5c7d74b009f73e
SHA512 eb2022a1fd034b5d988b77233ee3cb1be7826c36daf854d9493f1651a20995e328af0e9383f2b6b621f3801405477c488994d5c9a8d9466b42835d4a9112084d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir6060_1879658910\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fb0b1ee06f9cc521d6c4424d10d78238
SHA1 0ebdde7d6fc9d9472a0a7998f0708ca3e98b633a
SHA256 ea921427c39558e44c7c3057a50f12db9258b58b9206f2da59c6fd54a5a03f49
SHA512 edd9511408ba7e4ad721a54d413e71e9a0eebe91d44d1b430f192fac990f7c0142c8c61fc8497db87d223432c7a272e296c42999dc6f1ad4ddb70fc7d17d458c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe584215.TMP

MD5 75376d630bbaa1e1a63a97ded76dc722
SHA1 b49644d044f1bbf108f43a687def372933878b90
SHA256 e66b63ea668bfe8135c61fd6afdd03bf412fa25179eed4ec522273792783da18
SHA512 a95fe342ea10faf4924b56007a6fd4fd8f3ed74c9b4779aff08bd372ceb9985bf2b00404ba4e5b53b779ffb2dd278fd8f3223216aa563dab68755dce1ffd4731

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a94be652b223e6b9af6f0e83e91540b3
SHA1 fa4a8c09b3da27bf1ce25ac0f067fb0554910db1
SHA256 2007ad9e9b3d2734e7446a9f723b405af68ac9fd388908024c7ff981284af128
SHA512 feb706b18f1b479d8fc07ee5e03f8cb6b7d4240b90f164ecd2fcdb23088ec85ffb34bfe7a3cf79951873bbeae266a7c22af95ca14136e6dfed215f3ca17a57f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f654e0f31da1ac03fc9a21755065ee51
SHA1 bcbbdb220264524fb1cb3b1b9e747e7525292d9c
SHA256 d0a0410c9b8eb247c4515a110e2e83ce1b61eeee18b04b62fe3798f52d790066
SHA512 42d0da4e8fd99fda9e9521ca048b63568530a35b3c8de2ec63e37d857a6a33b48a11a67f478d089c6f0e656b19b8a999fc5126f5b425de371e7a5d1b862d9aef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

MD5 0a1715065f6185ffebb838e9ed4a8c0d
SHA1 c7103e920dbbfb8a752ae88276a9c4f3fd95bbd6
SHA256 53dcd9db086412593989493c908d476ef883ba4d9789d2430e866a6e26d7bb18
SHA512 faca4ca2d119fb8b05a1ce73d836331e1f51d52e1e20e7e474e14b58146107757d9fa487a79b0e9d1bd1f7f471900abcaa9c07feba06d0290db908b96e587df8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\cache\morgue\119\{27a6016d-75be-4b15-9406-36b04e219e77}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\cache\morgue\97\{9a72086b-dfb9-4ac9-92f9-2394b4e8c561}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9669f1dcab1c4629f9761f9f0fcb63e
SHA1 870bf1de86e51eca1c7852dd9648a5614405a43f
SHA256 f0c9953df7bf70d712e7006dec0f8c5b3cfbc9298e9c23edba7f3773785a57a2
SHA512 228e603055d6cad4bd9d62fb6b6e107044cb5b797853983ff5a61e6ea3a0af39e84ad7aad6bc32ae42482ac770d6a62596177f3890a96c6640d6f4dbe837c882

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f1797ff4da99fde85001bc792aadb581
SHA1 e5b629efabe45ed1277b0d30414f91054882d0aa
SHA256 3425095fee392220dde67f79524f04e7bbc2e8a3e02a630047472a6d6a073889
SHA512 fad2bed6bc4af85f40557ef810529c09b3dd4b8987b5908f17a1dced63b446940050df46415f760da6b01f5165ecb833abf20c52c5620d895592789fa4487724

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

MD5 edbfdb6461545d33adb696dabfe19fde
SHA1 dd44174033a07c4563c61918474c7a23f66d447c
SHA256 2fcf8e0da01cee169192dfd166592612888c0123fd32b7db212e50db946bb573
SHA512 e55d3205be5d44530d646e3dd392bf454c4626bda0189ba944fae0af917d576554fd32bd45dd996024bd23bab828633a199b3ac0af79a55829131c91abd3fde8

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8A1Y6PVW\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 d38c36923dc7c3f12e072f34e8f4e762
SHA1 cb7d05d5d0de18c95744af620fa2a62acaead807
SHA256 0093f23a6fa9178b002bea0c283aca7016962570384db623e9a47a2b07f30e24
SHA512 81b956c40992890d6aab3b0ed92c3c16801cb25994ef2a949627d2e8b7087ce5de0768e49e516249a77f2af67d8c14324064d9e62a70b00f31bb976eb1900046

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 08e4867c24635157560ff5ded6c21353
SHA1 86a4a325e848b770d3e7632d04c7e3d280844896
SHA256 fbb8330cccdeff90b15481f10b14b50ee4eeade1ea2adb658d1d986085703318
SHA512 bfe9a3e8ee2bd65fab28a56afebe71a6a4d9b5619d9db269db9c3d9592a791e7efb2be30e1f182213f71faac4654fffb19927028011710c95d59f9edcc925df3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 81156c0e825277ee2125667e6c769621
SHA1 212c34c82c408a3d58dbf8f01d23b332be82a2f0
SHA256 6bbedfb833130dc525fd9bcf3d594a41d4851002728eb72193b103b3f4c0b817
SHA512 be7fa9f2c52d40898421329e74d358a1338eeb1db8b0b866c4aef23bb1dce86c540443d89d50005295dc2a4bda4770d7607799a3d1a95a5bff407d8d1bd13a55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5890a2.TMP

MD5 5be2e0e59112a921b71afa7183ea1fb8
SHA1 c08581135c215ea1ca2735044ba67521dc6ea8d2
SHA256 880517a1c9722fb8958148aedb369cac2a8461f66d5b7cb067545ef05e653db4
SHA512 5ed272a929e0826bce4980ec2ae27869b2f6daf8732a686a834d8a04decd4aa091e4c37a0c1a903cbe024a744b62e3bd293f09353f2d94c26c195fbfce1f0805

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{72036c59-0750-4c53-829f-27083c9b1225}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{cc6be11b-dead-4322-b6c3-56d0b8c4ccb5}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2cf6039-9c00-4008-a387-36dd7a136759\index-dir\the-real-index

MD5 0678a07ccf0dd51353cb85d7e65b4777
SHA1 d45594688d224314999ec2d0a8258bd412e9e569
SHA256 11d77f672d7edaa8025098d3441df68cf9eac8030c55ffe77cc8f70132d35ce6
SHA512 8abb01d2d4c8ba4de32c7892723727c27237cfc33dcef67a49194eabaf53cb222ce73f5c04eb7b2a2d04bc7f30d7ae888975e07b5bcc362764ec7c17d097228f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2cf6039-9c00-4008-a387-36dd7a136759\index-dir\the-real-index~RFe58a0fe.TMP

MD5 0536592fd132fd9bef7f7cc15996aebd
SHA1 88b17356363a453e507bc5c7728791b114116356
SHA256 8aa0d376366893aa5f14ddd13d8db9597655f2ddf6489ddef6bb2ad57126fd33
SHA512 eaab92b5be904669f9c4b252e441e7407b5028459811c75f5c4b010ca8703b78b572d5fe90577451192fbc85468e68d0737ffd2d5ce578f6eeb938460884468d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c62ac5c2ca74c75301afbf3856500810
SHA1 d56c71a05e87dcfc8a1ff62b681f92db5d61eedc
SHA256 abd6866bb55595d38c36f739c2812820d061c33c393323ac1728fedc2a0a5402
SHA512 2113a0a89cb24006bd1a4fe9b169fc429f9724e9a86a05908e2c340ba161c484c08464ebfb5988ef180cd1b792259329f4a6ccc5f09f1efc4b402277822bb9f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 001ea6fadeb61b6e805ddd01bbabbc1d
SHA1 7bf50e8d2123f838dd3acea065ca38157e64c7bf
SHA256 4b51cf395a7c19b787b24911a77a4fbe2e703586343e5cb71883cdd84fbd5bf8
SHA512 404601c1e2d26819563681204c7839464fcd28db2ecd37c2d5300d447ec5da95ab9839221153c8bc89e1434e6ac0c5edd7216e19a714a1f265f0b1a3bcc58058

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 415902bceec16ecd5bacd07c9b950aef
SHA1 1f4fc9bd6e2fff5f4559ff049cd73de0d60b5d6f
SHA256 329a4e63200173751d02d89c736c29148878786e7d8ab0c823713bdf03b7aae9
SHA512 6a8e08ef4358fc42d5d5c857429fc60db1348be1206d5c41d22ad284f3a294714a6d0b67d20042a8993762999fb52d9987b79867dd90fcc1f7fe8429f8c75700

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cf80cb3801a00534873cdb633d490fd4
SHA1 f72bfb60ce43b5b773523ebd8ecde0bf8a74188c
SHA256 bcb49e7ae7cba76150119d7abfa31f1d8797a23ee21553a8a1872ea01fbd70fe
SHA512 27d9a01f5f525e7f6d836f330d46dfaa2df6fca17864707387f8187a08ff91c235b23b91c235e63a2183f2e247cd83597fc78c733986f27d634fe9be908cdc34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3aa66162e1abd8ecf0a1884fc3fb233c
SHA1 d2b00793ad1e62d2619067ec630fe71fd666ac75
SHA256 005f9c99a3bbbc1148c9c293b509c6e0625022fc37b9fe22b17f9f4e18dd3c1f
SHA512 124a895b59aee47694a817941b8f1b64e17a5270e33fb9f5563f7e8fca9723ca3b7f40cd07ea12614cee781ec8e5056c3ab003555cebd508555d2ebc096091ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ea7a3a976b769227794722ffaab5ff15
SHA1 9ed8ab89f5b8fee12afd28468d59e2d46cb2235c
SHA256 ed16f3fd5580da92b2c43980106a638838bbb035e06962baa91b2ab54f8d45ef
SHA512 237d77541289c00388a537a58184cd191c5c7906a6196191085ab850a7b6ecafb486a5d93d338f27c1518985f0bc03bf847124517bf6f0f0a23296eb89237e83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 302f2d079ded38cec94a15997cfa38a4
SHA1 9acd1d153cbdafb59c33689e7bd62075b47ed89f
SHA256 4e521cbbe1a6a6260f64922221c36fdd3213433d7d155a7c97778a8a5160e875
SHA512 9efd7675c91c2b7255c2fb820324f0ff899783a2fed77a7d8d323a2082db0fdcfbc5ae35dbade0f287bea10f328eb759e7860b6cbec5a59c699df21b0edd6b90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d4d25b1ebf77f674d6957d77a8ca9f37
SHA1 9a0b82ba69b3ce1e9a65155a4fde8b9b0aaa3536
SHA256 f975d1301f9e4d27f3c31f145bf0487a95c0b7fa567d323c421fe3ca6f13305e
SHA512 61d4d23db09a5f95a7ce0e068b48df8a09521d848c6b36ffcb7f4564b2a9fe595fd01257084b8d87c3ac852de1f46a70ca608c770b79fac6c49856d3073c4851

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 57a0872a2175d1dd444f0f1b080b1a8b
SHA1 6ea00ca6e827fa38e4f91096552cdc051034271f
SHA256 269f0ea9983ed079571b85e2557b65abcba90bfc034104b91e0315b88340a201
SHA512 8073395cf82ade9a1463f6a0eb86a7c4021a94159d60a90934238dd2fe9684c956e428ebd85cbb5fd945aac3294e6cbd66d24f3bcdadd72142760dc869973181

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 392e5097d1bc5aa45176a7498105287a
SHA1 f7ae6acb6499737ab815fdc5935c4bce5c056ee4
SHA256 c906a7c55235808ac91455cfbfd4b2679046e75e66e3028d318238d5dd6916ae
SHA512 59b95d3df4a72272cbd9b7ce556a42caa6fc1efd07b9662743a430a1ee8900bf3638fa72eb806e79498bd47f6d6930036b044934728e3c2c5f3cc3eddcd99a05