Malware Analysis Report

2024-11-16 15:51

Sample ID 240208-fg6jysedam
Target bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283
SHA256 bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283
Tags: google phishing
Score: 10/10

Analysis Overview

score
10/10

SHA256

bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283

Threat Level: Known bad

The file bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 04:51

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 04:51

Reported

2024-02-08 04:56

Platform

win7-20231215-en

Max time kernel

69s

Max time network

274s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5A90061-C63D-11EE-A80E-FA7D6BB1EAA3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 624 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 624 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 624 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 624 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2800 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2524 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2604 wrote to memory of 2540 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3032 wrote to memory of 2576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 624 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 988 wrote to memory of 492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1600 wrote to memory of 336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1788 wrote to memory of 1580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.0.1056282356\338883674" -parentBuildID 20221007134813 -prefsHandle 1256 -prefMapHandle 1232 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f8984b-046a-4a32-be5b-e779de6c425c} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 1348 108f8758 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.1.1242847744\1084825983" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4090bd89-179e-4ce3-8928-6bc715b48edd} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 1548 60fce58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1352,i,7296333289258388419,11541510406377888538,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1352,i,7296333289258388419,11541510406377888538,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.2.1794298237\805152299" -childID 1 -isForBrowser -prefsHandle 1960 -prefMapHandle 1964 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b266969a-edf1-4056-b634-9385760c833e} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 1976 1085b958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2672 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1308,i,8450340433619228782,17264812017475211535,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1308,i,8450340433619228782,17264812017475211535,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2856 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.3.1290543986\1339171759" -childID 2 -isForBrowser -prefsHandle 648 -prefMapHandle 1712 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53a55298-d3ab-4f12-8906-5756624d044e} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 2832 d62b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3328 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3388 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.6.1645262552\455381910" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99f26d67-4363-492f-acdd-ad04a77ef959} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3940 1f7ebf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.5.336958984\936023033" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {803a1a94-e65b-4b30-99f7-cc3701d1850e} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3784 1f7eaa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.4.1781688354\1261648480" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d1b587-4c22-4f90-8be4-932ea1665862} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3684 1f7ebc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.7.1149473764\1037559273" -childID 6 -isForBrowser -prefsHandle 3628 -prefMapHandle 3400 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8af77d5b-918e-4dd1-9a31-1b658cec2c5a} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3824 1f978558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.8.495125008\1875905163" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0356dc47-e16f-4fe8-a8c7-5ddb2eeb5493} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4308 1f977658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.9.2038921784\1599156738" -parentBuildID 20221007134813 -prefsHandle 3460 -prefMapHandle 4672 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c70cd0f8-83de-4638-9bbf-1a252c0bb11e} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3500 19c60d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.10.1180917020\1888369917" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4772 -prefMapHandle 4768 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dfe5e26-6347-4c31-99b0-adecdc8ea0a1} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4784 1b5fb958 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.11.846282598\1968052573" -childID 8 -isForBrowser -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04cbd766-55ba-4a47-8739-912f9f90d155} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4972 1f7b3458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4536 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1364,i,10419283242327576979,7107138495776332827,131072 /prefetch:8

Network


Files


MD5 8833ace222b15bd8ee8fa0d859c1c0b0
SHA1 94b53265a53df41029efb5d640f8c3bcd9468329
SHA256 f4af621f1529425ef7f196c3bd180b269b7884290d2c6501f9937890519f5fd6
SHA512 41494718f904b8d0f844d0f6a0b7ce190e3e5d2a9c26f2e4068b530401d996f8c9c30cc59fccc950eb2d8b222a889bbb36bab20583905d83b281aea6d8531c97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 99f93d62a79ca1cce0ea57b3cd43e256
SHA1 8e73d9c47a566b995cbced6ea10678b7b328bdd9
SHA256 a82ca5448db4cd998da0ad3701c9f54d2d289398ee5015d04f44f471aa3930c9
SHA512 ebffd9611fcd0364abc138d04bdcd36fd416c5df107992ce1762189f5aa6ff6c40968277f8b8787d33e959323850e19e946d6d773b2ca59b639a29ef7b6d70f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 fb908a10ac0c109f344b7c11dedc2ffd
SHA1 8af77beee499f2b26dbcbaa5ccbe49b33fbe1adc
SHA256 e66c3986512a7e8988bda191e407e2fb395603bc88d64c626b34b0fdae398642
SHA512 dbba53551eb1d128f6e754481221cd6085885211f566a75d4081087864d5b6213bfa8b062f80b10f8f788e0e82d3553dbe1bea055ade03214851cf575dbb4b95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 a6ee020ecbbb4bfe59dd0da627e59ec6
SHA1 fc66244bef48822b388ec9e73d70e5bb45cd56e6
SHA256 94611bb1d59fb1f791b6e64631333ce0de5101d45f7f25eefa1dd74aea84e89f
SHA512 82f28bd39f9708a8afce5d4becf63a7d007ec40afcbcb90933edcc0448094fffe778bc7af12bbc6a13aa64e58b734c95dba2661ca26dff99ebef1f057d156cc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 6dc5035e0b644b16e15edeaa89dabc5a
SHA1 7505edc9c2ed6e7fc4883ae4cd0f6cff759bd1c0
SHA256 e0e314bcafde25b852dc7e023de61938f0e8f0a83a05cafe20585ef3318a9a0f
SHA512 c5651846a0838a837fb6ea8cd1707ebfa357ba18401d5e42f741079ee311bb4ba23a63799d48771253b55de1b361ae2a58c2d5c0975b639f5b20028c5745391b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\b8fcce04-cfa2-49dd-b059-55ea3a9c78bd

MD5 0ecc6009ed0eb88155f7d23351d113da
SHA1 e410a671afd16591d2e0964e4715004381c19018
SHA256 1d41f6bb56f6924403bbd1a7a1a9cd02820e638f43c63b04acc13dacb3691f0f
SHA512 751240923aeac6aed5c31527e2d882b8e2da691f76717e835ce1865413119ade0dcf2e02d964257de52a057b3f7f1e04a6544cfc07352aca5bf88abe9e5dc68f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\4f8bad65-289f-4856-ac60-f2ef99bafc30

MD5 5363e48f1e3288b4855d90b03660b389
SHA1 b0b6b7fd53d3ebe639f40ff0ceb6c33dee6817d2
SHA256 7a181eecc29b16f3810fd6e2b463e524c7b37259f304fd630ea01dc3fc38d0ea
SHA512 6cba953ec40e1753d053f108f2eca57e455e82c5b2d8053f11fab8c2f3c97d20c4f87460667d33343c40712152be0ffc4220c3d7400eedc5cdd97ca2a34d7ca3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 5bc1c0abb3e7dfca8195cddeeeb0e156
SHA1 e4e0cc84258012764196cabb333f342f1f8a21fd
SHA256 36f1d60c8f1e372ba0621646fd9a903f514d382fc66bc3e2211d1e81a383a5cd
SHA512 8ea7c27101efde0b22a6f22254ba4bfec1ad04d7a90d24b81c0dc1e4e59798404d4959d95ab3333699aca62e248f74e56ae565ee56ac9f6a7fff13b27c4cd713

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 76685f94e3601d9716f59ff0c0a4e967
SHA1 f0d22e77849391bd128dfaf703835b39724f4850
SHA256 b288a26d6958ed8fe2389472a71c3bb38d80c104733710c3b9659afee19b8507
SHA512 1d2456273ecc2f0c736e039bf5f062a91d752ec1509518cf0cf5df981bafe4745f0bf30c76108d0a917bb31e791a7df18e7f5b8611faf90b0ad02747a6388e78

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c01ae110a323602a8619c07b5d9b71b6
SHA1 d4a4b08603d50237b42aba5fef7ec5a816c5ce58
SHA256 cf0c5410236db5737ed1ebc9ca057aa3074d4d6632605c2a981e0ce536c3accc
SHA512 0cc2c5b36e4a7042005da1d7a73b1bea7f955a29485ab490c24dcd50c1bf1fa4592bf44792e9fcdbd48580959e95e166b9f0d12185ea1e11ceea9dea4bba9e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76b847.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\165\{5ec02e2c-9bbb-491a-a314-f65bdd2796a5}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\1481198951yCt7-%iCt7-%rbedsep1o.sqlite

MD5 4e6e0ab087ddb3c77e1744b78443967b
SHA1 815ea664252f560cc7594bbe6a82de66b78cc60a
SHA256 c7fbbc793cc5429bfd13c003e089e1315e0571eee9216c47a4f985908b51f321
SHA512 4da24d0cda37b3310ff6833c505d79eaaebd89e1c5ec767f0f21f30e738cfd7a4236a501843ef09a8b0ea82fc175b15b925bed3df2d2cff9c810eb98883bddf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6d0724bb1bacf75178a87c3687b5d445
SHA1 7125ae3b9efa19705ae2580842ae6ff2ae89a81a
SHA256 f27cd5c26006510b22ac0adb7f7e88fa4d9943021c5961b5112caf5729e6580c
SHA512 bb75d656b2e0c6923a3bb27e1fb26c587016c72a75690ab8077ee6211cbb27a7046c6ba583330529e89d9ceaa4e5006828f1fc7f65b0bcc7195931d6ff00f3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e9f88349deb3ff46e20bbe2b0c2c2e07
SHA1 df146fc060c0d4a59ed17e8926ee7cc2627d7186
SHA256 112d93419cdbc5389cb6069807a18f152aefdcad209eadccaedcc3e84b8403f2
SHA512 820f497b63ff4429f132952c7a55585da6e8fd617643e80683a3a643c75907a47f186ce290ddefd30e66dd743f24cfb96b37adb87d451609aa8849224f4b6af5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\112\{62920ed7-b1f6-4422-85d2-59ba09850a70}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\152\{07467615-e7ba-469f-8ade-f69bdd828b98}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 bb8442011c5b32931a91812229bb3698
SHA1 68ae53d0ef524bceded57f3881315d4a68c02767
SHA256 5c901cdcaff20b79db3a3b5752d69fefbbb4813905c08fb232f4853dea9ae227
SHA512 9e7562f70de51e9378df1359c21a9e16c5117ac03c08ea044132cab626e51e0caba5bf3bec0732ff4ca5867e665eff0f2ed3738fdf175d2ef02ef39a8806862e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 0143db6f4be8d457c4cc3bdbace633bb
SHA1 c4736147e0a5671b24a27998e9142202eae381c0
SHA256 84838451faf4bffb862b3c1c4ddefb019ad771d0423f04020fd55443d98815c3
SHA512 1a5672e4d494e541e138b29038871dcf86f0e4b44b50dc30e1dad84a1800f6e5b9ee7ebd7b63bafd4a88389618add53b96d98d9abd2a2435a9ca3552fc3a7610

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 1fa2658518ef834e64707d3dd24b0cf1
SHA1 0426b16884e7c0903cd53c14f66cce9a4c93eab8
SHA256 756c8aaba79b04d6a3d051d76f40855dab6dc2219f4504a06d6d003162b6b560
SHA512 53df6b2c3cd4bb305f9ba2eace028e5e586ab241f2e44cf68677aef580d92e36e0464b1a36104a33ca5bcae40652f0acd441f06dac60a05c1b97c0363965a100

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 3ed1fd993348a5550af2cffd7df5ca2f
SHA1 06c59ed0c6fa73bbf086072f60030657d8274cec
SHA256 9699e0b6eb3471ca7d9128e5a8d6ff4e5c2dbe7a038353813d7bf3b69d8ce00e
SHA512 4b2b673ef27227b26dbd5090a161129982df7e7891b6d26322ba0404988b7cf185e0b1dc4bf8f49adc82433c5368b2e5e3bc562b8c865e27f217a961d1bcc10a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 ce38ac81988a88fbfd227666a0cb376d
SHA1 29cbd462174d868ada66c2b18f4c2c2df7e10f38
SHA256 883f6bbab2b78df17906ceb9c7cace8aa059ac819012513b6dc228655f498fb7
SHA512 6fad1841ea5cfb838c7a401ca5576e3ba02cd16bede4983fd18b4f64f3e856be07ffb0ac28dc9b39f538a9bad06f388228cb38a288bfc44afa6cd24e4e8eca81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 48eca7ecedc19536e29e3ba40e27cb19
SHA1 df74fca93ad072b3ca815506d7aa121b84e35412
SHA256 9be3cc8f5b0ec086e2b5c6f956c3807c7ff78ab5cf4406da38336b7923f8fb47
SHA512 757b567d738494df06af871c168c8c209b83436ec6324db585152cffd6bd95b27fd4323a81c82cb533716e2f8d756a7fc33f34b20b6a53b45c865bb52cb033e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f61d89519f3da6a2d23a39f98f401843
SHA1 2cf193e195e38da9305dc1449718f9a697bc2fa9
SHA256 9636bf42007df58cc76f6caea6d95fae5ba1ab63206b35a756a20b9a36838d7b
SHA512 62092b4cac3d830ddda34944d6a295d22b26c11ff9de7dd6d5be3b7e20fffff5ad9ba8b1630de42fd0b5bf83a3a65f91b0c87ee1729f368ea76d5afafe21e942

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\98a20067-7680-430b-88a3-3c468b692b37.tmp

MD5 66a73a61dfd3b0695c9b1d7bc1a5ce95
SHA1 d3c21f4b4b2b270e8c5f2dc1faeda4c741b6f635
SHA256 26fcf93d39b0ab8bbf09cf557ff95cf75fc357c501a973b1ab2c71f3747fed46
SHA512 dc449e924c829395319b2ac2ebeeb4e6834c1c4852e8e68d18e9d210568f6abc2faa381449bb2a8e836502c41d6d1133eb133125344139268752bc27f40db442

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 22aedb66f6d409e974062f909ed09197
SHA1 a975880b3bbd74bab6fcf830a82d38b839abc58a
SHA256 c1993712a8272aa470be83ba2f6352fccb7150c753dae650e6e896f0b4c795db
SHA512 98076cf6219c3f4b4a4bdcf99f185245e4e9d593cec3f154e8e8278b28ad076dad46004cdefb1cd3177bf8972db076fc903ba7714cd9c16328df1c3f71a24940

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 933ade206d856b5ea589c01cb0edb114
SHA1 fb090298190e98a46adf38379df27d676413ce0b
SHA256 0458e80c864741c6f571cb8904eab5e9702ec39fd211f7253874886de4055419
SHA512 47ebc69d5051dec5a5a3d4fe96ffd3d3def5dc7dfbc7ee789ed93af3a209380bfb68e7bf6468d8a1339959bbb184ccaa27a0508766e66e67039a9a4e5e7fdb17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83332426dbe51b29fc5244b726526e10
SHA1 d745fa81c8a902c962c2f93f5339005228dff187
SHA256 21a34baee012dc13f40a6a0f28532e646e0891be860b0661af7c7f1c13c0ed7e
SHA512 495baa3cfcbd6b8b2d9db942217dd61f29df301c57916c0ec0cb30c1cde03318d2fd4750a037ded9af6e2399253e1632f560dc36db62adccbeb79722bd901853

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45855744f786c93239f35c2115781b8a
SHA1 cd80582fdb8a761a81be4d4eddf7eac2d1873dba
SHA256 6e113f0d5ffe3439ab8060031101e05108c85ae9ce617ec6ae2fbe8953a29708
SHA512 c47fa8537332e5b456c29230f07c1d3b3cfa5f3448dac7c5656078ac541e8b9594caf16da4bed5d979dd6a1e138f908005d82d3438f8b435fa88cf8850434990

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44cbdbbcbc2fbbe4502164d8e36a4da7
SHA1 f0649a58d17754a396a2c58a0719a75968a3d4bd
SHA256 7d5b5b7065fbb79ea4cabb38a338d3167db99f30990e04b7ed398bd24414b269
SHA512 7c307b010b2be690803587a196f6aa7ade4d05265c2aa961947ca92e773ef97f307d68a32fdc3dfc33d8cf27fd14e9adacf0ca2bf02423ceffe3581c4b9f8722

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f7f0f61f48454076699031a9a003732
SHA1 d7cd26005ee1723029ddcf1095493ed6f5410994
SHA256 519eb87f1b9f0740389cff48099e2818526278d0a4a908d8ed65a19cee3535f3
SHA512 70fb6011c48ed7b7c291b9ee6bac76f0b56b0bfd26a6e6d61c72722d79812378ad281aaf1c6a89efa612a7e223048d507e4d36b4e4ce040f58544090f7640198

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1d1c2c882a6bc01b169bf21dcfab298
SHA1 fbc1af4e83eb2d0dc684a212f6be08bfeaeba7e1
SHA256 6dca89e56984d3af46528a8bdf56e33125dfa6388704d784a593c0f544799ae7
SHA512 fcf62960c5e1c11371810fe93b4bfa2692a84a6e3b318733493c586d5f1f91612df79db96b4a55408c4cc6b7715479791b18b871a6826d716613de10f5fe1af6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bfc4c305147cc978e123fcddf9b033f0
SHA1 e94f7393bdd97e12be88ec4dbc821119193abd01
SHA256 d2cead15f1b3cebb9bc3d64fd34da30bb673e6b746419b34f47799ba4763829b
SHA512 9ba21c23a43c7d6426a88219cf0f413423202df9224b270e2fd7ee14bac195e0260e446c30b96e888471dbd186ed06301200c26b22ae9f63830a1cb7bc0f13e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06c4993d5abc1bca0d9fccfa42ebc449
SHA1 96848539ec0f28efa78922abdcd2cb69bd18b123
SHA256 fb316a58df60d2b6fe637873a5e07d53f8e714ab5aa9ef4ecd5c4e59fdccaf48
SHA512 f53c9a3313f2ab2c43273cf813d533fae4d754b4f81421b3f46bdad3763a731f95cce761e29392b2ae0081f589029075d9638cc5102277ce3f7ccd7443069cfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84763604a95dc03da4143f6e5a12fc28
SHA1 5242ba8c9df5dbcae6da6ff4d917a892c074e058
SHA256 51234fdd85101fa97e6f10757b9cec747ba19a9385ec974e49ba2db34e831381
SHA512 e8c5b234e33a33bce390d765a79bf39d31502fefed47111312cc7224e926dccceab5cfcc517d0cc75ecb088b0f0b5eca36c73cb2f1badb9d9e64e6ad9949b40b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 711cb60b167901e9ca6f19f86943b801
SHA1 e9ed982d36fd3eea6374bb585a77e1566c1b75f8
SHA256 58e3674f24fd255b551afda190eb60b5f1e991d3bc4853866afe7ab9763f8bbf
SHA512 2e91494bfd930175cb3ac59955a9abd62bf7f480e4d59b7ec34e67d78d9ce507e56417042db3341660c81519a6b58a3546bb1dc8dc4e66fa585806a39776c7ac

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 bf530bc91b582bca67253cbc046fa98c
SHA1 c45ba01b49a2fdd29d302e9ff8703ad621c21748
SHA256 c782c9dd977fee9e0b8039d8e435543b82390b11e3b00411b8eff149e89b4399
SHA512 1af01f9ff3e845b3f7a11a35abda07d156d38db03b44d19e74fbfcdd55905eb939cdad5f7c381edac467c8bdf3eb157c1c22fb9f85ee0e4dd8ebc22f1e353967

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7b742a77ed3f46ae6690b546a9da66ee
SHA1 b0ad9f07089b8da19f2c407487a898f4e42ff060
SHA256 df9082bc83dadaf93c018d5e09205a4b32048bb27bf5c7c158fa918516845b0d
SHA512 1014081f2536f45b61301d0bbec73eb967bbb5b7f7b1bee67315cf997d681e31c95654f3bdb4448aaa68ec593e4b7a19fbb498e36fd947cbb3ffd29d9ddfd11b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ed711d84958bebd1b756342c6c24dc60
SHA1 1dc06427891e478a9fb018c63f4c47ee0900ba99
SHA256 2e28e0de12eeb68bc86b7e10ac66f3b8f3bae64565b8350b6d65f1ce9876ce1d
SHA512 042ad722ab417790b86bd058265bbf4133a39b38154c10bbbdedf0d141d44d306b5bf639d79afe590e12d2218fa86f13c2ac6b02078be81dc3c5c62692443ae5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d769a9adc4cb23b9b750790e9356e61
SHA1 ef3e865ed897de73adf9b4eb12f88941919e3bf6
SHA256 f8810cc22e235b915ca394102bfe3ce283009675513295181627e212b31936b7
SHA512 f98b9c0e17b5dbcdeaccbf571cacf4e2a7c81eb01a1ef19c8aeba3819e7d0f2dbee090bd781782d10b66d78589c5ee56a9abc0f0c685b75ab520978ec71ac2d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 890ffd00d7642494e3732b468f2bd31c
SHA1 9398add2016734a72e2aa401ae7c898c545451b9
SHA256 7eae290be6334e4eacab91c3ee51caae69fe67d1a852a1632d058f739964c957
SHA512 1556afa24c518559eb4d26594dc5c680f011b999fe77ad5abb919f7f5cdc177cba7b67fec48411692f999cdeab82082408d012bfe4b3a155d4b90a29aa87ad57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 09f4e6de5cd94ebe61d43d772c0595b7
SHA1 6f03757d546871fced7dea49e5fca376ef220c70
SHA256 aed57bf5164341e73dc50dcbd34c1f6185e251301947c93728aae288060bb9fa
SHA512 56955cc68b57f2aaaa124d17cc00853bf3640e8900caa191485ac01d9c25568796c4ac8e62155d2f6d2a2c8b32ecdc1cfb2484ba9c51bda93b75d8b01c5ab8ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 18a7ce46bb1606a480c71c667e5942d9
SHA1 85703694b38c5651ce3056122daebd5965d4c868
SHA256 ba1eb1a3aed1363cd2b9a7115d23db2d6ffd804a10cbb8fb9dc041638e39b3be
SHA512 a4f3cf94ff79a736e392f02d8de9ca5415b7542f76852dbdd794939f48fcef481b2492b49c00bde7f565ad159c3f038287eaa97213035ddde1b5c8ac6e3af711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5be2a969bd806d12e4635483ef20cf3a
SHA1 e3e53f64314ba5bf308a62dd2de5f72da5ebd8ce
SHA256 76d7224bb2f110e82f2e4dfbdac1a0deb369530160e60b8d1d6278108bb5905f
SHA512 2a63d5849ed10581bf4ca2b0ee1278c041be2b47ea206ce7e00b124b993669e0d43e4ee34ba5d9b4a8949ec12ec9be49b79fbffac9736aff1f196e84b74648a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e9180da0570a6f0300471ba021f9f73
SHA1 247970bde8fc9356b89807b408d960e54786191a
SHA256 09f0a8acda6e335d1b1f76aa7c7e0aa4344f4bade93a97eb4e24e54cd9e3da21
SHA512 4155f00f5020a4fd65ce8dafceabc6fdef8444a4d9b3259d8e469823d9b9d49aaa117e7b40eda9e312b7bfb92211074eb92b323566241f79e8e198c279795e40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3bf758932aab5c9f12c6e28c91627edb
SHA1 b2d920294495b38dbc0f607552516a9231041592
SHA256 77e497c864612b4cc8901ac78c8cff4b63df2b98f7425908a23203a183200318
SHA512 8246f88878bf068fc24c6c0a52eb5c5a049e866585ce0ede739fa5020dbbcb7167a877a4fcd5c1c95e33f2015bff83d63c115aec2ad5d3e008bb393da66034ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 392171102a8280bd5a88ca3cdde67663
SHA1 eeb34bd824a46eab97a6db9be5ff492fdccc1889
SHA256 3663f27dde6179c397875315d46637a8f2dff10f3117d830d787cc5ac9353952
SHA512 bc057e3241678036b325922a61e39f085e21c4aa460bd53dc2a096d5967e88c2c525c1c073ddcaf29dbc988d1d76b92ea3e1d5abf1238736eced6f28d4aba7f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b8bad0d198af6b2e3d910ea53cf0d2a0
SHA1 7c15a2f34d9a8923902f39e9626446a60c6ebf28
SHA256 0d693ac87a04c2bfeafbd4a842aa716eb83211a13edb80171ca073091bf2af24
SHA512 f248d4e3a1529e6c0c854453cb7b45855ecfc1b8fac14a0ef289c81a739ac3f9f11ac6234036a251c7bf5568a9a7b49faa16f1aeee7d0448c4958e6551448c5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5eb6ae20ff639ef1d653b1415b3f959
SHA1 2ccb4bcba26674b8ac93c172e37b9c57ed5adce2
SHA256 1e33a063e132209324ba89a2031e10a18bb8f3e676e8fede49c7b877c6c9db87
SHA512 5c448875a23f13b5d56ce6149927a4b2b5864c1ec3607e6ecaddee25d4d861eac6da19c73f7f8bd3fdcab7925b25469bcc834f4a79b70895c9ae7fc9fb04f50e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 adc4d0215989529f1d56bedc658232ca
SHA1 e27475e992909d2aa70d7624fa33253f2ecfcc3d
SHA256 8f2f25a6520415d53f761dc008bc900531c7ee8764f4998150a143df777970d2
SHA512 77563545d0c2aa288002aee4184d59a9b3f8cbf9689dcce8b052f030d586e2c11e9e27dbd94a9587bf23b312863b92ba0d1a87839a2517b39978e4c15356ac32

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-08 04:51

Reported: 2024-02-08 04:56

Platform: win10-20231215-en

Max time kernel: 300s

Max time network: 303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518417187039242" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f08414a04a5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = f060fcef7c5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3976 wrote to memory of 5088 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3976 wrote to memory of 3208 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3976 wrote to memory of 1340 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3976 wrote to memory of 504 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4988 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 5564 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5564 wrote to memory of 5704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5524 wrote to memory of 5692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 5732 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5732 wrote to memory of 5804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 5812 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5812 wrote to memory of 5888 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3308 wrote to memory of 6016 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.0.1000573550\153993970" -parentBuildID 20221007134813 -prefsHandle 1556 -prefMapHandle 1544 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd86ce3f-e34a-4f2b-a03f-9524069ee7d7} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 1648 27146bd7758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.1.962410476\949389754" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e767e2f-666d-4074-ae3d-d6a7e56cf895} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2124 271466e5058 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1848,i,12353812782079427191,9295690121794367507,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2684 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3860 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1848,i,943455763856711584,3503816093365886890,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,943455763856711584,3503816093365886890,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,12353812782079427191,9295690121794367507,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1844 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.2.1254462212\1741894539" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {824bff88-448e-4dac-82ba-bbdeb7b9bdc2} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 3264 2714a22f158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.3.406128885\1362258160" -childID 2 -isForBrowser -prefsHandle 2704 -prefMapHandle 2588 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dacfd22c-de8d-474a-a033-65560d966a88} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2608 2713c564458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4644 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3644 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.6.373935053\1433908084" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {924ae68b-bcc0-4b66-8716-dfab928ef7bc} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4928 2714d7f1558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.5.1322359280\1401183401" -childID 4 -isForBrowser -prefsHandle 4740 -prefMapHandle 4744 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a33d768-37c0-40fe-a13d-b594b3672500} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4732 2714d7f0958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.4.1345251933\547646003" -childID 3 -isForBrowser -prefsHandle 4616 -prefMapHandle 4588 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0790142-bea9-4907-88df-3cb82a21bfbe} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4628 2714d798558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.8.1586479411\289187981" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {420c4dc6-9867-4b72-9e10-045fa8bbc76d} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5560 2714f2db558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.7.2138808597\354877715" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5160 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58195197-2e8c-4b01-b15a-b44dadddfe42} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5384 2714ee36858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.9.1031677212\1431834607" -parentBuildID 20221007134813 -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63d5805-423e-4ca2-bc82-2f46a3f1fae4} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5940 2713c56ca58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.10.1330377346\614475042" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5960 -prefMapHandle 5972 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb66f81-e7d1-4363-8dd8-4635aa680d86} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 6068 2714b7a8558 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.11.986414508\476378444" -childID 8 -isForBrowser -prefsHandle 6292 -prefMapHandle 6316 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c26ed1e9-da1a-479d-8cee-d74ebf0e6a58} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2560 2713c565c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2508 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

Network


Files

memory/916-0-0x0000020E37620000-0x0000020E37630000-memory.dmp

memory/916-16-0x0000020E37B00000-0x0000020E37B10000-memory.dmp

memory/916-35-0x0000020E37D80000-0x0000020E37D82000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2JN406AR.cookie

MD5 fb13b2eeb81f4ceaa407f1d9bd670e3e
SHA1 b349e47731533aef3f1b9d0bcb5f80c8844e7ed7
SHA256 74908f27ba743c515538d1b46df17b33492990aee96fe4624bf732fb3ec257ab
SHA512 da63e000b6d5ac01b33f8108095df717edee264233f22607ddfe08670a8eae35aff907258cc98b30b42050352eb7b290393425ccc6aefe9cf2e5adf4de314514

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 d61676671c35eb06e6b6d3bd418375a8
SHA1 e30d29d206d1ee4c4ee926707e2e66a2fd7ef77f
SHA256 8f8db436848e5a485120edacbae62370cf221c51c640b82f40493a093b6a320d
SHA512 a46e366d35320ba7bf23e60d5d392c5ca3ccb87e1d7abbe798925c9be86d03764d7dbb13ef29d57deacddfee59ce8c6a1a94f1613218cad47c25c277b06db98c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 267f3fbb231876ea1b3de1b8aaea1917
SHA1 df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA256 5157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512 dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b497cb83136a8923cd28a9b5a7c2e4f2
SHA1 8e0d043c8486c3e8a5b84d6bf1078034e5b2b598
SHA256 cb1f153bca1a6eee8f300b0a260736926a3a876cc46e94a745ad91850498fd5d
SHA512 e3b74905a3783fb3c3ce31bfc49ecbbf277e545653b52ca75422e82a49a25541ac5500d2d442b58a698242206581d4577227476b3c0c0602876424dfc84ceb7c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3T4H6DWM.cookie

MD5 7d81c5ddba7b3240bf4a989c92ff204b
SHA1 12c05bd722c5c7c83ff6720aaadb537f7d3d2871
SHA256 7e9d13f5bb3ceeed05237575b2a3d6648766cc27c2773714f8780488300a2c7e
SHA512 1c34a1bedede97c7e7f2bb0d2fc95407604ccae46085dfda8ad0b6deb860a751946aed59984e76edcc73bea9ac6925cb1da33b30d2c480947e3d313519a904e1

memory/592-102-0x0000028853500000-0x0000028853520000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OU6VCJBZ.cookie

MD5 08fd029ef2755226548443bd2853c9e2
SHA1 d6c3931519f21fbb57ed818b27c1dec69a93286d
SHA256 f8963cc41eeb6fca3fad3a7c340e12368243cffe138d12a2ca30398ce5613e03
SHA512 2a4f3fe442f0a6a5b19c06a88367f00ba1166779663f20e25273934dbd52ac34ec52db6b3bb43dfe91c8d7e3b9ec1b4ba93c10f158aa1ab449571e8d6fb49bd8

memory/592-126-0x0000028852C60000-0x0000028852C80000-memory.dmp

memory/5088-200-0x0000019C7E5C0000-0x0000019C7E5C2000-memory.dmp

memory/5088-210-0x0000019C7E5E0000-0x0000019C7E5E2000-memory.dmp

memory/3208-207-0x000001A9C5C00000-0x000001A9C5C20000-memory.dmp

memory/5088-215-0x0000019C7E9A0000-0x0000019C7E9A2000-memory.dmp

memory/3208-216-0x000001A9C5B20000-0x000001A9C5B40000-memory.dmp

memory/5088-248-0x0000019C7EF40000-0x0000019C7EF60000-memory.dmp

memory/5088-298-0x0000019C7E9D0000-0x0000019C7E9D2000-memory.dmp

memory/5088-317-0x0000019C7EA20000-0x0000019C7EA22000-memory.dmp

memory/5088-323-0x0000019C7EA90000-0x0000019C7EA92000-memory.dmp

memory/5088-328-0x0000019C7F920000-0x0000019C7F922000-memory.dmp

memory/5088-331-0x0000019410820000-0x0000019410822000-memory.dmp

memory/5088-333-0x0000019410DF0000-0x0000019410EF0000-memory.dmp

memory/5088-336-0x0000019410060000-0x0000019410160000-memory.dmp

memory/5088-334-0x0000019411440000-0x0000019411442000-memory.dmp

memory/916-373-0x0000020E3DFE0000-0x0000020E3DFE1000-memory.dmp

memory/916-371-0x0000020E3DFD0000-0x0000020E3DFD1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\87YVB6A3.cookie

MD5 c529a065624db232a11fed0a091c7bea
SHA1 f490988e14805ed979a52538ecbcc70c9d2a1812
SHA256 ad3e3652dce5c28261f8677112384e537e553157009f5b6521fa98cf8e8e2e92
SHA512 6934600d721cf9ea7efb93fcf3a91cbcd7e1eea279e66e0e4da0f778cd6a9849f0615500d8ac50e57e6cb47ec80d702cf7c1b212bbd778c6dbbc81197211dd09

memory/3208-401-0x000001A9C5F20000-0x000001A9C5F22000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GN78M8W0\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/3208-416-0x000001AAC6E90000-0x000001AAC6E92000-memory.dmp

memory/3208-423-0x000001AAC6ED0000-0x000001AAC6ED2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 5954229f49e63d0c1fd96e7dfe2b208c
SHA1 1d41613bd7712cf613caab1a0a3ff7f2de7a4271
SHA256 84fce55e420948b2802aec21020038f8a0f892ef1e33c9124535a11a9514dfbf
SHA512 157ca28113212b98241086a80b1abe58f98b8d44625079fd796f911abfa031f993d857174e66c5e23313a97a486ed5476fb953b2f1e4ad81306e489087e2862e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

memory/3208-426-0x000001A9C5DE0000-0x000001A9C5DE2000-memory.dmp

memory/5088-443-0x0000019413AC0000-0x0000019413AE0000-memory.dmp

memory/5088-448-0x0000019414000000-0x0000019414020000-memory.dmp

memory/1340-491-0x0000028593900000-0x0000028593A00000-memory.dmp

memory/1340-508-0x0000028593AE0000-0x0000028593BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7FLOE565\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/5088-559-0x0000019412600000-0x0000019412700000-memory.dmp

memory/1340-606-0x0000028592E40000-0x0000028592E60000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 31e1bdfadcfe23c052030158571ca127
SHA1 024f396c8d2e8a3a7c2ca3a55f21232298e7055d
SHA256 b85f9866d1124f703c6af46613e89be88e411ba2486b6426b2c59e72fb228feb
SHA512 4c62a6baadb6153f5e7d694a739cc04675303de45363ca857e0a416bce4c2688433346ed62d3042a9181c6afa0e78ecc5e9ce27fae13c00cbfcbbcf45882af57

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\34H89WFJ\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wv4osx5\imagestore.dat

MD5 f9f24e9ec96c7321297042628f07b980
SHA1 c89df3de6d0f83f6f9ef5e9d7baa2a10f16bd3b9
SHA256 4821f8ac9c013b646ed4ced60c0475724379795f85bc55fa3e3f2bfe26806f8b
SHA512 31679ea9409fd10d07a03ec52dbbbf475fd8d7234f37f35c99c9b04740bba681ed342cff82b9a5fc052e8a51eb596ea8b12bc1366d0c2c441739bca789a7c4ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\117E2SX2\gB76kJXPYJV[1].png

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WKNALI40.cookie

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\rs=AGKMywGeiBUuq5vqE4SKSRdxHIEuINw48A[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AA6QX34H.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_5564_NSWAORZBYUNZGQTL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\pending_pings\e03cd357-3e6b-4772-92ce-73081ac5d4ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\pending_pings\cf2dbb31-87df-47e6-986a-bf27a13dfdac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{e5fdd3aa-d6b4-4823-859d-3455bd0b373f}.final

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZOE0AFN6\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\default\https+++www.youtube.com\idb\2384382011yCt7-%iCt7-%rde6sdp0o.sqlite

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58459f.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0RE9NZRR\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589fc5.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
