Malware Analysis Report

2024-11-16 15:54

Sample ID 240209-abhcaaee75
Target a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a
SHA256 a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a

Threat Level: Known bad

The file a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-09 00:02

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win7-20231215-en

Max time kernel

72s

Max time network

280s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000157c942481bda7702f6e3fed889e4f4800c3c67f862e014ddca39a6e3f206610000000000e8000000002000020000000546eb7c48e70241521c28319b6167f9ba1013e5a025914ad7bf876c17f5ed63020000000730bd3f157ba04beb32bce58d07d222cc96064c34ce580e092b633872c69137b40000000595e42c4bfcdb508c96a4918f813ae797e6f9b21e04a33bc6389481fb29b4d424187398322f6548a39c26eda0ddf6573fe09e79835178b56701bcc27a0f741b8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78B96F51-C6DE-11EE-9F2E-4A7F2EE8F0A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 601d7950eb5ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78B94841-C6DE-11EE-9F2E-4A7F2EE8F0A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2232 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1716 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2080 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2848 wrote to memory of 2680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2848 wrote to memory of 2680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2848 wrote to memory of 2680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2848 wrote to memory of 2680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2328 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2328 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2328 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2328 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1872 wrote to memory of 2180 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1872 wrote to memory of 2180 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1872 wrote to memory of 2180 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1872 wrote to memory of 2180 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1008 wrote to memory of 1988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1008 wrote to memory of 1988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1008 wrote to memory of 1988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1356 wrote to memory of 2576 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1356 wrote to memory of 2576 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://go-case.com/main/case

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.0.1332747173\1543715652" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1180 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0982f8de-cb27-4511-9896-e6bf54b5fc23} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1296 fdee458 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1320,i,841904389074454580,1291932656258414751,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1320,i,841904389074454580,1291932656258414751,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.1.119696236\1578769185" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4abda71d-2d9b-4d45-aeac-9f389d084177} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1512 42eb558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1476 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2548 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.2.1385201864\1880708831" -childID 1 -isForBrowser -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a1c765-2892-4011-96cf-1146474d1e2a} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2404 fd60458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1288,i,8831996820702581252,1548760692066749099,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1288,i,8831996820702581252,1548760692066749099,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2868 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.3.2042005251\228571565" -childID 2 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b0e3180-a407-4d2b-841e-797725787777} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2880 1d15bc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.6.1903877597\696186029" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {433635c7-181b-4e1b-beaa-3fc42c2b0c0c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4016 20ee5258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.5.261641480\67167058" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63f876af-f540-48f4-8695-7e736b08b299} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3840 1eef9e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.4.496868189\1014837421" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3436 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d679305f-fc4f-458e-bd8d-d2c5e62edd43} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3744 1e96c258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3108 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3316 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2080 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.7.581873261\1468130596" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d26cfb4f-55bf-4367-b25c-51edeef9eca6} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4056 20188758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.8.24301049\1243552798" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4336 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5b8c87d-e851-4f04-a7bb-1e9adf1a8493} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4320 20188a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.9.228691684\1297762489" -childID 8 -isForBrowser -prefsHandle 4448 -prefMapHandle 4452 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1edef6c-f354-4148-89ab-e5ca2942146d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4436 20189f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.10.781528280\1808422117" -parentBuildID 20221007134813 -prefsHandle 3852 -prefMapHandle 4800 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3825dc50-5852-4cd0-ab17-38cc8b04b24c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4816 1a208058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.11.915858527\1797271774" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36c533aa-3134-49bf-9043-381abe1386d2} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4936 1a208358 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4224 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.12.2052173138\684596472" -childID 9 -isForBrowser -prefsHandle 3396 -prefMapHandle 3440 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb881645-1649-441b-9d89-734a9aaa9bc7} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 5168 19e48a58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x5ac

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1272,i,17084090396813421574,15206652914522971008,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 go-case.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 media.discordapp.net udp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
N/A 127.0.0.1:50483 tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 rr3---sn-hgn7yn7s.googlevideo.com udp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-hgn7yn7s.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-hgn7yn7s.googlevideo.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-hgn7yn7s.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-hgn7yn7s.googlevideo.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 rr3---sn-hgn7yn7s.googlevideo.com udp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
FR 74.125.11.200:443 rr3---sn-hgn7yn7s.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-hgn7yn7s.googlevideo.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
N/A 127.0.0.1:50529 tcp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp

Files

memory/2232-0-0x0000000000A70000-0x0000000000A71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B94841-C6DE-11EE-9F2E-4A7F2EE8F0A9}.dat

MD5 2ee914649050980e7ee60b41609bff35
SHA1 49ff8f9e7db9bea3be9661006395a581485bb5dd
SHA256 185a5a3166457d69b1705906d784c152c4f775355a0fb4a2c93262cfe5204a2f
SHA512 4524273d05a5ee7bf37ce2c0eca9b4c9508d7f54729721909301f9fd1742d965c98927749d18d465ca1c344741cbcd8fcd86b221a6c469963e8926a2a956bfdc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B96F51-C6DE-11EE-9F2E-4A7F2EE8F0A9}.dat

MD5 650541ae703bd0f4fcb8d13ac0ab4794
SHA1 300ee1bb36df4478c80881d4bd62e5df6ee102be
SHA256 416609d665a7aa749c4de78f2dfc378375bcd81f630597bc9fbf3d87e4757856
SHA512 423f80df1cf005da90b64d8924b8c8c2def32de48e55da7b0ff32f887715f823e52e29436041a5a1300419b738bcee833ccba2fedefccdf0cc6cbc919d433b44

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B99661-C6DE-11EE-9F2E-4A7F2EE8F0A9}.dat

MD5 f592944e61f783b2f6639be16e591f47
SHA1 cfc498b191b3db38d010fbd6371e196dd47668db
SHA256 ece27a39b88b198e0ab9890fe12211c378ed3e43b0323995ece22020d4377084
SHA512 52b69098b80fca734e3af82fe72ccfbc1714360f172f215b86f81887619c2f26c12a6ee7896c78383b3d738a001992752768ba5d7f75acd49257be4ac310b8f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09756441bc9011e042ce2790b968af4d
SHA1 1fbca1e817b2105518c3c1127edb861316880444
SHA256 722eeba8a426f551978f3679c5c27e4134575a679d0fcb4bbb3173ef1c3412a7
SHA512 8642a352f20df38de6d20d8b93046c4ef41a59ccec4d4842198bc4d729b2cd53b73cceddae86c8c85caa69888656cb5f8f4f4f29ccd3d278ed7d0388e4ed8731

C:\Users\Admin\AppData\Local\Temp\Cab1739.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar173A.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B92131-C6DE-11EE-9F2E-4A7F2EE8F0A9}.dat

MD5 676a5e15d163fb880098bf5718c9fe3f
SHA1 b417f162f3443ef2259036e045ed46eb00fcc2ad
SHA256 94584c026987ad5df1578711abe6bb3966f94d84ecbfcc32915baf5815680760
SHA512 b34a331863824b5ab22ccbef374981b3e86bae2ccb34eab8b11a646a20caefdfd77c08690cdbd067c553734a3b08369a2acbd2303ecb559017d26cb4380289c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b79026841539d245cc8afc7a5132b1bd
SHA1 4afcada7bcfc50a262250e4520adb5e7a8aa20ad
SHA256 5bfe0c0ed106cd91bdf3f73d91e99b314f1e64bf53a313ca4ee9542514ff9563
SHA512 f12a3de4298820b641058ad3a12af4c94a1162175474a28466e2c9b30f6c9989e711e9ca61f1edced81dada40412392f892e27ad275f77c38cd0f560b96436d4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B94841-C6DE-11EE-9F2E-4A7F2EE8F0A9}.dat

MD5 fba500d7a558d821f46238f9b3deedb6
SHA1 4b6bb4ff766035669c5323c86ce255b2416eca6c
SHA256 7bb0c41fe45641e14c542d73637e4d057a56198544992720bf14d44bf7fe070f
SHA512 69033a6b1055f8839736096c9f72d567bbbefd3bc57131ca8a67ee39c6ccf55b88063331e3c0e71412aa71b1450156a6ea4ddf82c24cfa0ba2aad332b682f565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a982b4b7e24efdedb723eafd5a9b29d4
SHA1 d8c954e1f1a29dd5990f2ead72b538039b441dc0
SHA256 ad7bcffcaa25e73e6ccbca4429efa8790cd3f1ea44f15e781e11a4fd70b3c98b
SHA512 02c4803ce542655ec28c8558f49d87b54fc048da026df7a2ec58caf959b8c9c41974628c4c5cb06cfaa56ba60f4dd7e931a74b6c837d0a99c6cd9308c5371054

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f949d191ad980ef3868114201844f7a
SHA1 db769edc1fd3dd7ed40892a9145bac1f7eaf1f04
SHA256 14240ae8de8cc43c6ef74d1727d543e1f5ebe59c921609a49fdba2d878047bbe
SHA512 a18c937e48ca80b4dd1ddbff544203d3f367943b01609862ca6cbf961939a07755d64d4b4a3fdeca50fb95c89c9bf55607b7a2afb277c031951845ba39be95fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c7b2f3caeeacac51825691d49b6f6ea4
SHA1 e7f2671d5353fa2f34ec60a24d1bd6c22e997060
SHA256 8a9839f39cc907569f45c18badb839cbfdd1f026db851fbd79e228c361e68d5d
SHA512 7061ffb9b6e373fb539d8867391ee25638f6334d6fd34834eb170f80ad485ed14c6039b71354603e5e3868d75898afc9725e6380729ffc5a41316ab83e2b5030

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e90e3470adbad759087bf5bf796c311a
SHA1 ce472af45686bc8ef046a31c0cd2509aab5aa3ab
SHA256 0ff8387b0315c6ca6c06f686c0a5d33861049c4240b4c2f721d075200342c4cb
SHA512 1b205d2baee59846d9559a2cf6c381a8dfca6e372a055ac8c647017e601fd800c0a3b0e884fbe5a31d00ddc83097c124eeb42edc0bd9d8b9e601f494daf25000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 0185d45832a696b8a4eae4fc0defd0f2
SHA1 281bab7106475e9a0e749ce2a1915c8a4a67c861
SHA256 8f8516cbf31b938e2788b41a3ba957cfd9a8e7ca7de327c21ffe50d1a8a64391
SHA512 cf7d2fe8efaeeb40aa8f08d12979d343ea2b353be52d76736f88d245108e6a247a8286957439184ee44d921dd1a54710d62f18f440c0e974a93f117232e6074e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KPUA096H\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5N4IM9SZ.txt

MD5 2d9fb2cfed159a0e943b29d2264790ec
SHA1 9355142b8b1e3e115ecadd047c8d0d3f66cd9276
SHA256 bdb385d5625b65c9cee974abb47a91c8d91b94dced901c15186f08c97e283576
SHA512 bcf33fdaf98cf0a0ae42e4aff6542acda3c6463246054d12195336b4759011c6a00e8f469a5842ab6ac7a871854053dd239472eb4b3a41b070e03312b95f58f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 675dc18ba43e44c591707c32962e18ce
SHA1 00afa1773f5c77bc0af3cd7070f6d57d88fb03be
SHA256 0db849be4e69adcdded233a3b10f1dcf1fe62b8b71f305eeceee054556823709
SHA512 393a6157a9f3e572209d8d333202a725739e1e18c22081bafc35817d11038500e8093c5c4a363fb58a944250da8821cb02e7d790d7b5d07a271848f1dd96fe65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cd07af87d5c67f870629da7829244a27
SHA1 d11b2efcfa16fa8b4aded06360ffc136fb0cc4b8
SHA256 7a27f5cf3ae5845a5e65b11fecc3f8d9dd8a3fdb1f0bd36d7017975ba348740f
SHA512 bf33a6b059042daceb83873d2369da7be270fa35d5331e97484375d129e5b608ee84b0dfd71e0336edc7990d0e16819ec3393f2c9f690bf1d722ac03e6ff748d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 66001aaffcf2da3aea98c963ab83885f
SHA1 71bfe9805f0afa16e7af83e5473cf82616e554ab
SHA256 35205ef3ec4f98d28637e3fbaf7ca23173f5b1f95d06e2c700d9d928abbbb154
SHA512 84c50267b8762bece0831cd117baf32ba34ca290fd621731508d292a4aebb73c5910f3547d168215a1e96414967d25c8522d146230a2efb92f1d79905fa1085d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 81ff1eb564f552c628ac776e67c7e8d0
SHA1 3b596890b7217fbfeadd06eabc4bb4d09c917546
SHA256 54f92a51015108ab4b18fa1a2f2fa109ad090d57a28abbc2f9af5d1aa2e2456b
SHA512 a39c2725430b7884a27080bbfec023c1d092ab89f12b876cd10d78643c57dbf99e9d94a53a94f26b51c55a74a118c0c90067d9267f47a2ed441346f1a9afc0ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51443f890eaea7ada01b6a4f9600bc0e
SHA1 ce95324a5b172a7b458ff76af382326f1b7b60a2
SHA256 406e68b1f5bf9997155a96df929364798355fa766040d24ac38b4e22662c6d54
SHA512 cad88e2a4b58da1dd1efcd05782b4c9596f4e3761e022843a2c1a5ec936a377a4d4658a156602dd123e194019db273467c6a640a4fc3d9b5a214c80fe967c660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54cd4ea9e1fefaf2505bc223c13a1936
SHA1 b4c2dbf18d292aa81566e7c3de9fdb3574d3f75e
SHA256 b274fde81379c38fcdd0204a52f14bac8c5e8b20002760a737999531e02a311a
SHA512 e3a5a7364fd860c82eecd7ad1f7f56265aedb50ecc5f58ca989f33e834548ac8e4cda0305d3a20737ef8e1c4572163a684ea155dedf001125d8e98e694eaff54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 5fde8ba00eb6135b5bef8ea479b0c651
SHA1 c5afa6908fe68515eabf17370d3bef50287a7622
SHA256 7e47921712aace26b65008a64deeb84b7f9d99504fbfdfb737ac0f0c78609e42
SHA512 f753a99282566f188300453d47eaeacc4703435aae24b8401fc9a2b75ee89935dc21d14f47f7ab7a5ab3422ef4c532c6f4334c5e610d0c2be602fa0b09abcc49

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 5ea1ae191349a5e16acea78f199a0888
SHA1 744f7c25728600382dd9f2a72dd746c276609f21
SHA256 6562bfbb11f47ae23e975943f32b9a690f4ab691288e03a7f17dcc178d1c3ece
SHA512 ab78244ed7a361c403fe0a4ced5fe1bef7eb70a2d6ab059aec45d91267fabea622a133ad346df88631b28268e6f1d7959325b47ae7750b76bff4fcf80bb7e3d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\favicon[2].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\3a012c1a689ae3df[1].png

MD5 96f113126e106726f8b834450192c44c
SHA1 4581411ec3fc7d085e4144acce9fe96219e46d7b
SHA256 ecc260ca82ff2ea807de78eae5c96a319140717ae737cc58c0abb52fc19a2aed
SHA512 4e1c2aab1cb29095c4009e02ff8673c990f04e519da18234c24c64dc6546db97db7daafd9d9a82d8387b275d176a031bcc3bafb1ae2c37f6b4a1d06b4defc253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c64111e6e27e551a7d2480bc83b8f71
SHA1 6ae5bfbfcc94efbc43a1fa24c2e03407b30d932f
SHA256 9d034176fdce16910e44f3ac5d63c3ac589db4ee3da67bfe2e6d86fad25afc71
SHA512 9b96bffeb40a89e977c41075113101fbbe6a1ad13cec55d57290e2b6150b3800a81ac35ea124abd66c83d03db1330504339e0f86b3de1c5d7c46ba7284ab9d80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58847799f4fdab03c218b39331a1398b
SHA1 0cd3bc625733152beb278d80ef55e1f2323687bf
SHA256 358e1a7327b8a765f4a04db24aeeea05654da041a3019e265b7a012a854c260a
SHA512 c42586baeb7357f76bc4955bf92ca8640f60beac685c2769544bd71e8e0622cb8eb457f4cb0fa68185fe8be4920bd4e08081644c19992ba63917fd0b17973c63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac42d141ffbadb0cdfac24a7f44a8a49
SHA1 39581169f1ba3e880b4edb520111812f7d1009cc
SHA256 0c99d18aa6c32961132c1f6aa65f95b3b379e8e96e9456963db35451e655f2db
SHA512 89b7695411ce423d0d91e7928be07e1d58687242a8a7d89e1d0fd4f319adf047dc1e1a02e3bf54de681d2c0a08f6fb181c42e2351b4d329d4b1775fe3af0c4d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29a0780e291570648ce26ed49970c667
SHA1 6d33c874bd3f938da17b7bf2b0ff143993f17b08
SHA256 74c2f99757d569a35b68bfc66a215498a5555631c6701ce2563eda05f62b5492
SHA512 67fba5bcd4a84523fabb3f1156e820f043ae00a79902efa4139bfe5f045fc260c32d60d997695768789616c117fd23b59d8b7885c5f18ac6703282a3a9ddf773

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4ebf9797660f43552cff8a37a133478
SHA1 646466d566cfa9f8aa43afa0ae0246e14a8769d1
SHA256 f0ccd2fd161c6ba4c5e9982dc6b07486bfbc803fc4bdc1c315aa4039da2f78e0
SHA512 00cb9b97f4303e50bd0192138c22c12e76cdf2182a848f054ff8ad184db708e7e9ad1bf197f9d4de6276cb0d16e591deb79c527fa2acb8ab87b3907b3096643d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07bc3373c4cb1824225eac5814ded4d7
SHA1 4cdf80e496f85531b2f76f42c418049d4d2c7dfb
SHA256 2c1f205638df7df1a199141b8f4ab869cd8ab7633b5935f126eeeff3d671100c
SHA512 e6e8d9084ea706b48a88a2a88e3962e0a3d500b0dcbc9d282f467d767aea43fbd3b1df4abaf03879e5167e195450d7595120493067faf0fa2d7b184bd9dab5dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71588e4f4b37a6ea94138cb992f63c13
SHA1 5f135039f9f3c508b50c972737401aef17f0b0a0
SHA256 5eca9ec291625028e32523ea365574d09b7c5d566e43a24b2f56ee038c7e44ac
SHA512 05ebf430a0953bf341208c63ed1ecb6c8144e51e75eac28dac9fc5b043d8b113e42a8ec6f72746967168864ccf66c59eb5831ac0605b7c0b1fd8c482e3983afc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3dbefdf92ef4a1ba187a52c3dae4042
SHA1 34fe65fc136693273cb907bcbb575e383f4232f3
SHA256 0d95572ba53349d39047fe9308f4d5dd1eff28c882a13d4a0f97128487915f63
SHA512 6ecf7121a68669ae2994d4acc4106d1b3b32fbb286519b8a845879de5c9931ac622c789ea3d83bcd8fd52fb6d572208544a621f54efeec04d5e583892187dcc1

memory/2232-1151-0x0000000000A70000-0x0000000000A71000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6664877f87a0f00a2ddeff4f3c4fb482
SHA1 2b63c85ab24903e01fc46deef1329e2ca07fafd1
SHA256 c802fef97b5b8677af9c4e7c55ee296543878fd972aa3c5a0455f088adab73ff
SHA512 3ee4cfb19cd3c1739237e6fd744903ca0788f749719f924af2db0d19cbb036989d34e534387f90232dee3a22955e4d1de1d784a12e0aeeeb17902aabb60dbed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2296_KEXQOSMORVVKFRTV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b313d3b-e146-4e89-985b-ba73c90a6e1c.tmp

MD5 9132d20ef876c94391ef5680a18a0cb7
SHA1 2ea2c7673b612f275d771a8eee583b447c59c130
SHA256 0a8f37a21fb2dca9426c65e8491e36b372a64cf286e8d260a9e12f12256d65e7
SHA512 2a5a3d2513f5db31249cdee9f6c6dc6b2a20c089414710533e0a5bd31e8d57f6311454b541bc68dd596a3f3c247d51f6d62f386002e71f2b35202b4a4b4414f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\08593151-ca9b-4436-9a48-5f6b827d37ea.tmp

MD5 94b31fcfa9cc9984ae746d182dc9b778
SHA1 14b500d90d0dcdcb3dc1d08bb4fa8b384cdb1a1e
SHA256 b1acb33faebee9cb915b914151336018ec2b0c7de933c4417ffd7450335cdac4
SHA512 16cc17371bba06ee236b1bcda68d76d4f12202e09b4d311c69eee60c0f5961f73d7ff16312fcc9fd8295c869d25dd66fce8930671293d4a3888df2ef4e58741b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 13955272562dfb690a7fa7426d8678ef
SHA1 8ae964d6a0a2a338ba01e405add36d33cdfd4f78
SHA256 4c80e021e86a8dc64c9114bf9948cc13687820a52b8d6c944cf5e5a0d077bce9
SHA512 f1803291c31fdd24c082edc187948b52e382d570ad37660d7176598003db4f0ba417495f99e88d617f0ccd15bd0f8a83c8a07236eabb5c0f46d1a52a1a337746

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\8b04c7aa-3e5a-4cf8-a7d1-cada7c9ccf54

MD5 5cd5347ec172921a4f14fb343ee60e80
SHA1 dcfd47460c7c935e599d6f85c5168a2a774f2f40
SHA256 f2ae49a860415965cdb8f23c903a370513e682e41fa0e3f574c112ad17333c60
SHA512 bc8b21f8ceaeaa95385683c9f3b88bd87281b990f335316352205cd800611aff508275f62e7bdf709b95f5f328cda68d518835b374ced7ef01f6627c62b924d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 a472629c30c540bab7ce2f6648fc2506
SHA1 2cee5948565a891de87a6c02a3fe349db98b542e
SHA256 b65118ac0e479256ab3bb9f448f7bf16706844d87dafdb72427655246f388618
SHA512 2a19e156917a81f05c26f253b2cdf261522e9b31766a0c8fe38ae3ed26ca9d4fe6d72ea67000cc3246f0112e22391dfa121d4c66afe4c83ce72327e2f4c5b657

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 48d4b616153219e65eaec67e1d6ded53
SHA1 2f89dfc3a61aa55216719cc516bf500ae156655f
SHA256 a61c4fe53de1360f115af46f5ad1e2ce6d6dfb414e9327f9ac8d74e553b4f65a
SHA512 89e66aca6bbf43f33e378f8050d5aaba5504d67a764036097c0a2548fc1cb6763ca6204bae2e9d0ea25cd6ddb7c7b54ff727c4fcc61798d9f51484bb1ac59d61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 1eeb46d7378b08473f6c5c1a9701fa2f
SHA1 f61424645c5324df9e352c9f39655fb81ece4ed7
SHA256 8167bdbfe66ef9da5c44191efdf78ac9217e8811c970253d6d0197fcd91626e2
SHA512 24ea1170bc926248c871fd4bd6ce81b9f9419e7d111ed21135a91a22cf70dc814df32e0cc45497ac1d55ac9d217e5dd86c9cb2fff75abcf3af5aee63511fc592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 4fe528b43e2d27f36bc50ded690f5b2e
SHA1 59155bb5c6c577fb2f27b13a95cb20b9ffcaab99
SHA256 7e53950ab4514aa82fcb32737106f0d865a12ac1dc39fd5fcd721df9652d76cc
SHA512 ab5ad6db3f1c91ee584cfb65aada4528076702baa79a6d88290240d5e46849fc847097be869d26ea71e5a5ae452eb757c0dd9ad74f44388557b050e9ba165a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 cb8ce58af3209ffa4df23335314ca5be
SHA1 dafaf602ff9d8475d53db45b3aae2abe273886e1
SHA256 9478a2e7791ac31cc8f366a1bfa8b003369393dd4066be755c5dd8703f2b2db3
SHA512 60c6544c0644c51ff2145ec4dc2afee6455fa093c675b442ec29d878fb0688bb426271f09c9dd003f244115c775219af2d8496de821413ed925d1e55896dd40b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 401b26033d643e6a82d094df6b449c0a
SHA1 ccd9defb2ba41a5d88bd6271089480758c84d3f9
SHA256 93766c5aeec337f8a8c910974a7c6a3ad39bb7bdee7eb6c40d840968037cd9bc
SHA512 39857c58109e7846f0798b1dfeeedd229805226aaf736b3ce1ff4c85e6f51e96871de5dd30a0a0ef4487a48975e10ea1420e8fa19eff61a1e32abf65f3046ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 8073661ed5cadda8a4d347dfe306b2e1
SHA1 6466cb26bd7b0b6133d64fb4ffad74eb9261baac
SHA256 a4c06fdb7e4c2633624d75ab1fd87e514446a89e83f562b1cd55419e788e5152
SHA512 4aa07d916cd92dc0f559a298ec66c00d202abcb1b03a7d36b8617dc68cef1c08d3d63fc688e6e13f5de1f9357efc112fad7812d24271b68f4f623abe03bacf7d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 f132c5f5fe0da3027c5409f4e7bf770b
SHA1 514f5824dad61a582ef3c5d759b70d879a1eaba1
SHA256 21173d9e3c08212af4a6c46ffe015cdd103d6c091e7a1623c97651d2652bb601
SHA512 2f435bd42431b747c800b67cc7d8021f35f9c2c42b9ae9a1c8f35a7e65bd21b6974b39fce770bea325f1331b8b81ff5af095ed39125dae651d4635887bbdf8f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 52100a2b05f7960339985557f2c61569
SHA1 5be7c8deefca0cc76795fb24f879c7d29f664d72
SHA256 8360f6c3cfb69e491650a6c3654d59eaaa17b1d2b54963327b6a3460590b4dce
SHA512 63dbd5ed6b734a3e7d2711c129996c486ee644d0596840e28ecc814b88e7be67e897cd6cb5ca15025ae02a836e03ee2ed2b01c0c9e03033e03065070648a96db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 2f5a9e543c60f65cb268bff865bff754
SHA1 06d4167c7757857ab671d12351e534269b7ecb1d
SHA256 9f7ff5d6c0ede7310b1188c11df98e63355f458db44c10a77f90bbb416fad0d3
SHA512 77b7f270473eeb30fcae7360892cc37b18f9a0c9300f06a54bb243739fbd609e3b239af40ff74e3ea8d68784c105d610ff6c1e87f5bb08dcf46cd89ac5629d63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e6ab128216e2e086c0a52ad9fcdb3aa0
SHA1 7873b4e3f11a0927dd07a20561d43c7bdb0fb545
SHA256 4a481ffd1305829c5aa61d94e98ce7a470a5b607c8aab20b9a3243f072e32a6e
SHA512 df848f65da1a652e1fbbfdb3352e80dd02d03e19ff2059c7e6aa1dd60ec4a4ba2db2949caf9efe5dcba5a391937a3ff32de7395f8029a56fa63b029d530cc423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7696d3.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9615d78087110d6c3976f822886de54c
SHA1 137bd47eb172f9ce3fb32b77853ff5f819fe6bec
SHA256 a29d1dc250ba5f28a4e66b9434442785fc4cd8916d3264ecdfb0ba4c134699d7
SHA512 d6a75a805610137247d5c619e3c1a6b105f2a5b41d29e94615007154e6ebd9dd6416a24d9d32f89112c5e7b3e59d984b75fc03ab680d91766ee20f2530e2ceb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ee965a7992e8e5b68e60c7f530b19667
SHA1 6596df40d80803a1f21f7f82ffdc44968235829a
SHA256 9801e6527e2be8d084fc31393c66af69456ff1093ac50957f83d1fa7711ee866
SHA512 eba87a1f277adc3544b225b306806aebb1409ee9bdab9c862ba84e0f6df7abb67a48868c439f46f99f31f96c75fb883a6b13f36235494106e3615dcbf0c5f23c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{9f415435-2cbc-4a3c-88d8-0409f52c3c9f}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\2030121802yCt7-%iCt7-%r1e7s0pao.sqlite

MD5 b9aacafce890199d5dd081504fade19a
SHA1 ea2905b8b289b3b2f317985935980d5bb5d268b5
SHA256 96f954d2735b7c62d01ee44235969c5d755ccbeeb24dedcef353bfda39806f0b
SHA512 28cd271cd41fbb605b38dfc3ec6003716e153e6126259711aa19737ba4bbbc39af1577e803192ddb6d4028d39805118a71541fb8be5de393ee3c0992e04721c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 84a5493a3eeca0fa8dc1e3393613850d
SHA1 9a591d13e8b771452cd6c7d030346190774732ad
SHA256 70b0e020681e9da4d409df37c8d065fe15caca487f4108fcad71a0a616ab730b
SHA512 9d775d1df620edc6e00a5a54dd3b110ffdafcc0a9e8efa09ba291fc05eb1bc5b00f9c0c860c469a1978f9295ec922dd9659a6fe8588cff03ff4ac9a266dea9f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 bb97b663db9d0f62ebf4f0a123d8782a
SHA1 fafae5972adb3ff088922c03b72a3006ee2be3d2
SHA256 9961053cfc871b848b16318fd0a0af9cba04a78b0babff0837a057ff26f6826d
SHA512 a3034e423e55fa84884528c7d52da079116630ce6ab2a8001f955bfc6be8e21e4767a35d34fb3333ce1f0075a640e0faaa8439a56b85fb6137bb7fa8eaa4b3c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 91245495ed40b8df48070aee4836cdd3
SHA1 7b40f44964ed975c14258a9bc37a8af04059fdc1
SHA256 a429d91daed253463f17e0e5fd9de0b818fce2399d4a43a94c4338846815b170
SHA512 b4b2cdcf32673cf6212487aad6040f86aa8da995e556bef9b760573c7f60242c8063d03d920eb9258fefaa2312287dc927cd3d178e4f89c4294df97d8880f54b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 59f04d036c6fdefd6d13a5f7d38588a3
SHA1 efb1f88237a684257870de38c4db0764fd16e5f1
SHA256 313072ce4de4238848534f355e5635a9ae286aa7766eb2b730197631aaf7776a
SHA512 2f90b9d1f2803cf61d3e8f33a4ed5dfd06f7fba89561851007a46c4e67397e032da6dbf8fb8717ed6927117c1da33d558d326d6898e687b10e0c9f4a79adc0fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 e2ab3f8018d2f3b978d6ccc51df91584
SHA1 cdd55ff57b5b576bc6bbd455b0f426d2b463c11c
SHA256 bb6252e2c77868da79bb9bec452f5ef38705d4557b237d0a0a7f94f10d095e25
SHA512 f01822936e1b38e45f4b0c165f71d8279945dc237cfe756d90a321c4f88a87e3a01028a0523f3245cde0800a7fa02691eb673ea7d6b5467aa29918b351292c7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 598d018d64b523a183266ec0bfe899be
SHA1 79313e98fe09ffa9f52ba5f46825d964ccd5a5d7
SHA256 1bc96707d2e7c7c72ed3be7af85103060a989f7bb1de4108acc8a8e5b356bcc4
SHA512 64386974d25267cd74cd35162e331e8de3790ccfc7e14866e027203cf85ca7c000d322135b00cb5c1a0b83bdffb7712cbf1842bec1a87395c52fb37865be2a7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 0bd9c95cb4cc68347348be40a3894b95
SHA1 b2e76ae9211d4336e12dc5e1c18a93d9f15a2c54
SHA256 b787326d199bbb8413d40d4ce4ecfd8711430a8ed37a74d460418925c9b89008
SHA512 b3a4148fd817d38e335db55d3d4c6364f57fbd9fc409991d7df8dbfef0962bc60d852fa925022058d0bfd2d8ea994f99b2a1d96c0ec13c941749a2a889b8e98d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 275e592b985bf97807304348973a7377
SHA1 94d24e61db239fd0785a58a52d4058327fe7add7
SHA256 08e8d437b846c45420c3870e371ca4feb7eb1e737b9b7ef372ed737a16a02fa3
SHA512 305c52aeb1029016909257a8ad34813eade2099547efabd589b67aa262081fbb2a3e81e40bc8ec56bf147e8686bd6ce51106433568c760011d8946f5bfa6f660

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5a4be4e2a58057c3fa69820b6a2e795
SHA1 ced7470326156d57026eb1973cbbdc875dacce73
SHA256 ff351da58a5277ec8fc8e82c3fa1ebd617ff9d016f851b292f83a7ccbde47b42
SHA512 da8a69750d45f6bdb7e07bdabd4feddf4e318e1f41bf7d4d06c0a426d2901f23d0e3094e03b93a6e1b826910ab07d894b0b89adeced6fc4da1ab883f721c6718

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 6744a9a8bdde62dd2588394292598fca
SHA1 8b9930deaabab66f6abb1ac63df6ec791210bc22
SHA256 4d63dfdd0fef6aca48c8d08dd4b0a8b422a02b50c2f237deaf3d07431935fc39
SHA512 111434a5b02fb8e3f3796ab6f489bc992fafe9b359ca4adcefc90b5039df2ffc4161e52b4a5a7e7c39c8a86bfc179fa4ad7a2194fc197dcaa2e2fa72179e48ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4493e00dfac8dc56bd7138cadbaf29c8
SHA1 1b1ebc6f2a672c587981aa596e04407bfd945e84
SHA256 8a64c96fa8c6c471020714a5e953b58face62d0065ccca6b66bcf080830ce97d
SHA512 20583c96eb3786a187a910d3a012cafb0e82d9ba894e2f93ce06c6b2d3fa0572391dec97256cb20aab1390c0e9bdfb46ff18cc7986dbe678944a77a64a3e920a

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eea2ea89-790b-4479-a41d-1e962f301a5c.tmp

MD5 8c0b1ee22e463a71b5f372d8a067724f
SHA1 5777dda8510e319ac3d80045d3320b8fec348d19
SHA256 ca45fbfd6cc9525cf4f22b06a768cbc11024a7ac1eef936245f5ac2a0ffb171e
SHA512 8d8e719e1fd286e4bae540145973bb93da797a06ecfb58e389567a6b3c0c497c47f1f48f7e07ac635710712ae1d60bf0bc45dfadc0f7280042e1f0c2d96ddb7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 f4220adbc71856ac7a0427b7036fd16c
SHA1 56d4f56c846d04e8088d3b67b8d2730c59d08b0e
SHA256 1fea7bf53cb6cd7aeedaa1f63bbb2f3447fd48bbc5baabf17343f50679fc7cfe
SHA512 3a11b0ee87c4628c84ea4cdec0b9ae482b503239a370558968242cfd3eae87b7957e881f1544b4a6f65c3144f157368af3fdad1e497d112b43f7ce59b473f7de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a7756dd38fd0b7c4a7602630daeeff5
SHA1 5492145a1214112e82fe7b6ad19119fdbcfe943f
SHA256 c5e7c4d02aa486536d0b440f93325fe048b790f21bb4262261fe9b6016f498b3
SHA512 a2af33081fc7119cc5a9e0d1a15b7bcb6d89331f0d55625654442d2e98e34f16fd61a5213faa45afbe022002a6b216b700d7403f20877235793d0a7cd142591c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee0945f32c6c41d2206da583d85a19cd
SHA1 76a90b4781a4465a0ccd9cd8d5a0c16d04b089e3
SHA256 eb20176a690cc64beea79ad15e4ec6c2a1b18865f7b00ac5fe79497d57e6a718
SHA512 8de03a2f6bf6aab851f68d108dc340120240048f438cb86d7886eb2e8f9256e0c94b3c38f69db82609cfb6ed299f1af82d806402ed85a5cb1e2de9d77a914d0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2cfac703733defaf49c930c582f9b78f
SHA1 de8401f6c9fc1834287b0348c88eb7b1d4a69350
SHA256 a94b461692bd2db0a86a058be6a905c95a0ccba04e75b3595c8eb53b32c398d4
SHA512 4b2bfe9d2b59637c0e7dd7c77cb8bfef72d0df111ad9a12474fe80576bdb74a3c313ac091dbfe50af0ca85ea45e3eb70eaa4405909c95a25de526fab42919f67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a61744be86a90e125d5b98201418f0d
SHA1 df88e691441b07774dc16fe1f11ad3404d32be77
SHA256 a1536aff39f5447571984c21d9a33ec9ed63f7667abe962c9227b953d807053f
SHA512 8dc01e13663e868ce5def4e56d0fc62b3a7e06dc48cc8ad0bde8c28f108ca08875a6474c8c7f8f3ddb9a630d19af42e59fb52f56072c7f111bb2b34913bfea88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05c015643bcca43647a564ce2d1a1450
SHA1 5f1c71679038a9a1053776faa56a9fbead888174
SHA256 db9c09d78998e2c8182e9d09a60cc1366f119b4b6e15d2551ef060b6aeb89e36
SHA512 5e290902bad98c7c0b935a6c80e38bf7892fa79967fbe6282dc31b1016e7546aed52516c1b934b7053488332cac2d69d1c00775122cd374b6da6a4622b307911

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6836a36c1cf0abfc3983427c02b51d02
SHA1 7abc55aa8b0f79896f82c814006d965ac3177194
SHA256 e1ec748c07a1d9de9d62c934109dacb3bb5362bfe394712633024c48c4ace463
SHA512 1ade5bf5d277e35f22839594134dc14f17f8718b753d77e6a9210e8854b957d3f57180d457887c6204f67d96f07de6e36ebcb35ca9541b8d2fa9a7689cca1a71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 423fbda1be7a5dac2467e007b6b26a41
SHA1 af2cc0a0db1abf5dcbc2cc19f26324fdf90ffc08
SHA256 834508258dca249e63f6c1f6e577084c75140c533fa17c5db9cdc80d52198eea
SHA512 dc9fb10f4ae1a260c45e5aa1f8cef93f1f0b80fb81e54bcf91393a06aea61514de7dc2c1d7f8f372c3602ed1ff1c7a816b30a737ae0357e3f1f00d9cbfd3f2e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7b742a77ed3f46ae6690b546a9da66ee
SHA1 b0ad9f07089b8da19f2c407487a898f4e42ff060
SHA256 df9082bc83dadaf93c018d5e09205a4b32048bb27bf5c7c158fa918516845b0d
SHA512 1014081f2536f45b61301d0bbec73eb967bbb5b7f7b1bee67315cf997d681e31c95654f3bdb4448aaa68ec593e4b7a19fbb498e36fd947cbb3ffd29d9ddfd11b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0805d139714f1b29e1dd5fade2205a5e
SHA1 2a10b1ed8f92512ba8f6b193edee4ee0fd53ae62
SHA256 6a6ebd4d2f8664063a0df452795ed7e1ad69b9b597f6eb0ea938be2b9b1bb82f
SHA512 50593a30e0a05330a40293ae063740426ef9a7ca244537f87bb611fecf44b204e2d9a683b7afd31e784616ca89b6358102d3b94d333b8a3dfef41c7a7d8609a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6a409e2563d1052f5335d9526a6f119c
SHA1 bb0b7ea0b1a95246aaaa361fb67b0b611bc7f6ef
SHA256 dabff788442d818faf9a99eafa6c87a1912c12d9891960aff3191cc4fce208df
SHA512 001da954c51007ada430a444e93f2936610dedbdf5ecea687bdd8463b78e4c708434e4bdf16b15455c3da2fd14e250ae4d6798645e3f928fbc81dd415d59cb1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3dff7a5a7dfadee051aa4eab0b1bd62
SHA1 13363a2ec05cef016665e033f8223a17d8ab4b59
SHA256 dc2333826892e8654045326fbf71012a7b1c7fb8ed04a68952017763e9dcc4f5
SHA512 4b1843cc3b6f14fd465a5167f85559de7df1db36e53b232a114367d530f04a2b774c9c456e5b3c33f72e92a2847fbf5c501ab047e83e445958a5e6f5dc90dc88

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 760a22da25eb5a78d5f92b78edd155fe
SHA1 87454681c220848ed3d5844e9378052b5c92db27
SHA256 2e993caef0b0d76653f38da5c8684ec1e209c6122f319874af668b4945239f19
SHA512 02514694467e8c2f71b7a4977528923159a6c10eddd8eee26d9b17eb92be920eb019e602e70b6b7d6428302749865b640e437d165a051f9fc30cc0535c3817fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 547cff6939e2a1c8894402ad4fd34d06
SHA1 277cf1df1ef2cab2f1c823c4acd77a52d9b5744f
SHA256 5d384d9b7b5915a34aa17cbd5fe8b411013d8c968b51035de20b476edcc96a10
SHA512 3b9edadf5037a309c6f39a919979a6620d2be2df6188fb02224f79694fea51b4a25d69cf756782950e4fcac713b906a798aec070f216105ff1e03851f501ed21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 a16b1e52221e0e86054a193915bbdb0d
SHA1 d67928d4356af10a9bb46a4589825d3da9946fb9
SHA256 dc114ae3cf3e3c7532c548c21d88c49bc8ba6c2ee19adc5a562484786911cd74
SHA512 6117202e9971cefb44a6b4946d16ccb279c8cb34cb374f7deaa0a1b545e03139c857d8df55fc8217f0f844fad03b1a1a889970ae32cf6851fb4a68050cfa3338

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8599be656bc7730dc6840aab2745b16f
SHA1 334aeac625c792512f3ac9605ed34446002c1c4e
SHA256 14ee526788e1a965298cda5f95fdbebf926d255401008184ca1ba6fda3972b00
SHA512 44e6a34b551920d723e2d79d8ebf37a75b036806b3a221cace5e856f10282098e4b045a5219a93d483273b13dd752bbc40ce59684bbc6f41ef8e014215438a7b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a3c0955ec16e8d972b1bc7073dac67dd
SHA1 19be3f271cf8bab8ffaf0a4f7feddcd0c394b124
SHA256 934e4942f6231d84401e65b61d536e161b1d64b6bbb70952f8979a5b3b21bf51
SHA512 07c898ebdb80fa6624538c60cb17926919b1f447412ec5568d6097a4236b1cf413d681177c69758b21e55cbd28daac34067066d74959fd252c5935e3591332a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fe8d0ea2bfb4268311901c50683ecb1
SHA1 e2583ea47bd73c0e20d3ce9be8e50869faa737f0
SHA256 32e18c20eb865d59b03d3975ec49604367762c3364036f2a9c7af5bf7731e43d
SHA512 379c85103f6f958c6ad4036484a6d20f6db035b1849713aa04d8ffa91566a20dabefb1521a4237c0a08bbff2285b2b75ef5596b85b0b0833c89cb2b92449f373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b87546324ad8bd5bdd000e43613e07b
SHA1 ea97620ffaf5552f5a058d702fea2c051027307f
SHA256 eac69dd23bb8d231589d49116f6c2ff7c40dfe495a18b26fa6a5f9d4fdfb0cba
SHA512 791aa52733963adee8ad79acdc0a2ae03d1ba22b2c54370e0250faba6f43e98ff5d66e581d0872e990ee6b0b92233756aa71e61c7353761a6a16333c77955ae1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e85c5c4aedf4686e20d872855ea2b0be
SHA1 e12a47d102146f56a3db3e573c0108d7b568ba9c
SHA256 d6359704fbc54d603b214785ed63acda197f2e54299c189b8e46927fc8173a9b
SHA512 d8a8e6dda25205504b413fcae3a83be715a2a6b610c0ebc943c256879241190ab257d7b2646dfaa1def55cc6ffc4df637e3ba94431081a9253b44c7790997f65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4594159e7953f7f7e34d304d0b89ab01
SHA1 c72a12223930e4b451c39293ee0268028c5b41e4
SHA256 63150415e72a72919ab714f90d007016e06dcac558f8ffa0bfeddfc98255256d
SHA512 4c0862321ecb9bd35e4182bba723a52d742c3e0e8be799b562098bc02a7b02902d6f0f684e99afa11fa62cd6e1268a3cfdc24afcfb4e68dcfb190634bd321517

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 aa5abf0d3c8938b4aa45fb0089bdcb79
SHA1 11916b3d3019904670e946a27fbf04e57335a787
SHA256 eb346b9f986aa7bb8bf4b2774c2f464340bdeb1b8380287ddbf83258d817ddef
SHA512 0e6397a2bc778976fb9edb4b4c7cd72086ac7eb2946fe540a381b4845f9c68c3587b079414c7b65ec58f1398641e63904c8afdb599a1e241a59776ce1f21b92d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c90d14dd8d0403ceb4c4eff089a9df4a
SHA1 4902a37673dd8be5f58c77cfdad47ff25883a747
SHA256 9631117ae1f6996d574b58a0981c212edab67332b612ecdfcbce59e227d8a2f6
SHA512 17435b8feff1c10d82d97dd8f10070ed894338cd5367c3cba0e4f59531e8653c7e5fde690ea5994d5c8585d1a7dd772b859134a9c206d2a277d21bbfc74d8f31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d43d5ce400ed888dce12f93830df4cdd
SHA1 100d8b83fa522efa298ea20bec47aa90edc2f67d
SHA256 da4f9403411023f3f345b27f378ecd13a6a4946c69251d33e6a502c6fa886c17
SHA512 bdefb69a8e7189d5a316e3ba7eac22df94782909005236fa4bc5099d556e654f382d32b1a6baccc50accbcb1e0c22f040a19de862471efc9b35824a32c1c07c7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9e32288f5c552f3a08833e54fc5ef448
SHA1 ff5a0994679cae9393b896e9e9e216b6b9f286a8
SHA256 80faefbefc0b75d3902526c26f2c6bf6d61682f11df8bea311149003ea803d21
SHA512 cffbc3848a23c0a5db4fca3b0664f70e2f84c6a184265a3ef27e46409aae5f9670ee5c730d04f05df4478bf0045e0e068377e5db2c9f9d3ec141478b40fee9cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9b137f0fce4b6fef0abf866fb863ae58
SHA1 16faffe8f9b7c421a6116e81d826176ed91ba98e
SHA256 cb41b32c51ee5ea35a9575b72d22e113433e17063278ad0f74e03fbd3e2d0bdf
SHA512 fd05c9d07e841f084fbe1131fb99899f25d6b73114f900d94dc97d8cd5d9f1a9fa359c24973b5df4f933c843e6cb28710dd41a8e261f18f6795de4e371084c8e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 7e39d58c5d1bca243023a9f2ee1da34b
SHA1 b316f89ece997ea1621112e128334161fe0e53a8
SHA256 387056c08ad97afcd2c0bfeb8b8b1c4b72727417d84e52114d736341f1505e2e
SHA512 9528548a2959526c108b7c2f1b973f17503d3f694b30b3e1e281f9420dd2c7ebeadff82ce8e523a400d58203ee4d9fd227955693c293040b77541ca2e587cf1c

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win10-20231220-en

Max time kernel

299s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519107405817869" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\go-case.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 16c7af3beb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\go-case.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\go-case.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = c01651829a66da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fc2b743beb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\go-case.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 107e6c51eb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\go-case.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9412fc3beb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 2168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3860 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3060 wrote to memory of 5884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3060 wrote to memory of 5884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3860 wrote to memory of 5976 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 5976 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5976 wrote to memory of 5956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5976 wrote to memory of 5956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3844 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6048 wrote to memory of 6028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6048 wrote to memory of 6028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3860 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5944 wrote to memory of 5140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5944 wrote to memory of 5140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5944 wrote to memory of 5140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5944 wrote to memory of 5140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5944 wrote to memory of 5140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe

"C:\Users\Admin\AppData\Local\Temp\a7d348aa1ef51ab6bf024d58b0fb1b27d45afb53c4235d0e6ae5441180f2d99a.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcaac9758,0x7ffbcaac9768,0x7ffbcaac9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcaac9758,0x7ffbcaac9768,0x7ffbcaac9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcaac9758,0x7ffbcaac9768,0x7ffbcaac9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.0.2092024395\153206656" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d582bd8-3710-4e5b-9125-39f303e5a3bf} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 1776 1681cad5b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.1.217135104\633747086" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c7e231-f794-4729-8809-2ebc7e513a69} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 2144 1681c640158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.2.1177049174\916907645" -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3b04f6-4117-4682-8176-71beab5363c7} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 2792 1681ca61258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.3.1742969711\1428565411" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d396b411-bcac-4db5-b20a-9f57797962ba} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 3484 1680a868158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.6.980593301\54879777" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e1dedd-d638-42ec-9b53-c29520fb2793} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 5064 16823803b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.5.1321811158\1183009104" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {180e9f24-1658-47c6-abf8-0827664170a8} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 4748 16823803e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.4.3108015\959778609" -childID 3 -isForBrowser -prefsHandle 1540 -prefMapHandle 4716 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da4f171a-a7c4-4401-9467-061ef467b112} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 3924 16823805658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1844,i,5955219442321928893,10284794474662516886,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.7.1378884206\372532759" -childID 6 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2b77fab-d605-4034-9180-fe5cf4f79080} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 5284 16823c93658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1852,i,7759743510303626127,6562165350794876986,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=500 --field-trial-handle=1852,i,7759743510303626127,6562165350794876986,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1844,i,5955219442321928893,10284794474662516886,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3700 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3380 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=500 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4736 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4884 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.9.808553199\962778838" -childID 8 -isForBrowser -prefsHandle 5724 -prefMapHandle 5728 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0b1f7a-e985-43fd-a718-588dcd0337fc} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 5708 16823dd2f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.8.1894556655\1088052015" -childID 7 -isForBrowser -prefsHandle 5532 -prefMapHandle 5512 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51937810-a3ce-4d11-9877-3a3ca7d5c448} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 5580 1680a862e58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3116 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.10.577098512\144164578" -parentBuildID 20221007134813 -prefsHandle 2992 -prefMapHandle 3000 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd29e81f-f07b-426d-8a2f-21d89d00ec0f} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 4032 1682326d258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.11.1852277147\1453481691" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6140 -prefMapHandle 6128 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f1a722d-b8ee-4dfb-92c0-54ba1d2b90ce} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 6120 1682326fc58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5140.12.716096634\1423572235" -childID 9 -isForBrowser -prefsHandle 6520 -prefMapHandle 5912 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd74a98-ff58-4118-9f37-acc0bbb5866c} 5140 "\\.\pipe\gecko-crash-server-pipe.5140" 6524 1682336d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 --field-trial-handle=2016,i,18276800019763098353,6015644700450264672,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 go-case.com udp
US 104.21.17.146:443 go-case.com tcp
US 104.21.17.146:443 go-case.com tcp
US 8.8.8.8:53 m.facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static.licdn.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 146.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 code.jquery.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.2.137:443 code.jquery.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 steamcommunity-a.akamaihd.net udp
GB 104.77.160.221:443 steamcommunity-a.akamaihd.net tcp
GB 104.77.160.221:443 steamcommunity-a.akamaihd.net tcp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 104.77.160.221:443 steamcommunity-a.akamaihd.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 162.159.133.232:443 media.discordapp.net tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com udp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 detectportal.firefox.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 8.8.8.8:53 82.221.107.34.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 216.58.213.14:443 www.youtube.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.238:443 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
N/A 127.0.0.1:51463 tcp
US 8.8.8.8:53 rr1---sn-ntqe6n7k.googlevideo.com udp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
US 8.8.8.8:53 102.28.194.173.in-addr.arpa udp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
N/A 127.0.0.1:51523 tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.146:443 www.bing.com tcp
GB 92.123.128.146:443 www.bing.com tcp
US 8.8.8.8:53 73.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 216.58.213.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp

Files

memory/4272-0-0x000002085C420000-0x000002085C430000-memory.dmp

memory/4272-16-0x000002085C6E0000-0x000002085C6F0000-memory.dmp

memory/4272-35-0x0000020860E00000-0x0000020860E02000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ea66b32c3237f2205f84f1d333b85ae1
SHA1 dbdf7b5fe89fa72d21ff76f0bf38f8eb1536f80c
SHA256 b9e9a4b522d3a0381c67ff99b9b200da7cb8f60af8ba89e12f9774fd1d95093b
SHA512 d832782f7e55a5fa01ea8f294dfd1090a88487b8113ee6970d918bd00b31e17a04430b42ef27007517586662e2bd0416129750fdcd3e8b0c9b08ad3b42db6546

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 351fabeabadbda07f80f20d56d26f20e
SHA1 1d437e1dd5374029086d192319fa3152348daa28
SHA256 5834126667817802df35662f3e5d1cfbd7d2fd18bb8a42ca2ebe916b573fcf57
SHA512 ffd4be656ceb306641b336c74bbf46edb11bb23d427effd103fa0a2643d08dd0a4e0668f89f8484e5256071c2706bb2212e56cc4d2c771e736a91f2d2c6c8679

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c5015ab53cf6171f0ddc72b39d18ddfb
SHA1 d82d9ff1302d18e7964b45d87e3861e9e799da31
SHA256 96a8f80110c1cef9643369e631fd428b6b7f81e4a81b935c1a9a3381f5667902
SHA512 55981aa60e62f6961150416ad55b08fca6fd3dfcdc25df5aab588cb8c563eb8b9c7d7ab9a2234fba4aee1a60cd7e8280cfabb4f05002b8f1738336d9c6e401f0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2CH8RMAZ.cookie

MD5 aeb6fd876afa6a7444e0621e6c9992de
SHA1 8296a84b4ad981898b75aa5af4e8650301479015
SHA256 31ed30377684a48d32e7163e3f37c13ee615207aa9a08dcf9ba5dd16a9e6b89e
SHA512 0495dd872e27aa5d54c3484d9deef3eb693d6ddab8c43bebf863eb37e0f4dc1813f10c2509ff4a292f9385ddf4fda263261468de6939ea4f82de8551c496de3e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K0SR3NQK.cookie

MD5 376b6a13b3d5548673731f263c7ccb0f
SHA1 7b55b8b496ffb8006469a03b99b2bfd0d728323c
SHA256 3b31d37c1e6f820c163d4fa652c57d2ac378986c0a3d4b7b58fcb45b850c7b53
SHA512 2bdc307afcb1468efaa499855d36d4217292f1b60bc92ee2a339c09ce9b91a01b8bde155fde100c66323bc3e7fbfa04d622b34612e3f8c2a2711c17840b7c8ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RY0GEI75.cookie

MD5 191ac7d210e934b10970de963c84dd21
SHA1 ac883f2fa56bf0c3d7ecf46de9ed4e15cbb4c5b7
SHA256 d11c1eadc32c7953c9357344fb305cbb7ae3fe28bc9f5aebd9e36e9f977f8d04
SHA512 1dc60fc5970f82c790757c0ca9e83a1cc9e260327d378df7bf121feb2c80b13d741fcc7f59599b116bf919bdcbefa0573a4c7696e500954788f7812ade040319

memory/508-146-0x0000020791CC0000-0x0000020791CE0000-memory.dmp

memory/508-159-0x0000020791940000-0x0000020791960000-memory.dmp

memory/1800-214-0x0000028BFD790000-0x0000028BFD7B0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ede3aee5e810b5966a079baeb241243a
SHA1 152d1768fbb8f7cb4afb11d71822454151cc2484
SHA256 ac90bc68cc7edbb5c5b0b9bd0a2a07404040bd25c5855808e94f83202b71bd92
SHA512 6a56d069f9ff8bd7fd143307952bf95fd136a1ed4d7276fd9e50d1f684ab7012ba2525a204ec22ff0142a377359d227183cf6c3fcc4c25976573962deafbcd7c

memory/2612-312-0x000001775AB00000-0x000001775AB20000-memory.dmp

memory/2612-314-0x000001775AF80000-0x000001775B080000-memory.dmp

memory/2168-377-0x0000027D4A580000-0x0000027D4A582000-memory.dmp

memory/2168-385-0x0000027D4A5C0000-0x0000027D4A5C2000-memory.dmp

memory/2168-390-0x0000027D4A680000-0x0000027D4A682000-memory.dmp

memory/2168-459-0x0000027D4BB40000-0x0000027D4BB42000-memory.dmp

memory/1800-469-0x0000028381AA0000-0x0000028381AC0000-memory.dmp

memory/1800-474-0x0000028381AC0000-0x0000028381AE0000-memory.dmp

memory/2168-467-0x0000027D4BB90000-0x0000027D4BB92000-memory.dmp

memory/2168-482-0x0000027D4BBE0000-0x0000027D4BBE2000-memory.dmp

memory/2168-489-0x0000027D4BBF0000-0x0000027D4BBF2000-memory.dmp

memory/2168-495-0x0000027D4C710000-0x0000027D4C712000-memory.dmp

memory/2168-504-0x0000027D4C730000-0x0000027D4C732000-memory.dmp

memory/2168-509-0x0000027D4C750000-0x0000027D4C752000-memory.dmp

memory/2168-526-0x0000027D4C770000-0x0000027D4C772000-memory.dmp

memory/2168-535-0x0000027D4C780000-0x0000027D4C782000-memory.dmp

memory/2612-539-0x000001785BF40000-0x000001785BF42000-memory.dmp

memory/2168-543-0x0000027D4C7A0000-0x0000027D4C7A2000-memory.dmp

memory/2612-547-0x000001785BF50000-0x000001785BF52000-memory.dmp

memory/2168-554-0x0000027D4C7C0000-0x0000027D4C7C2000-memory.dmp

memory/2168-568-0x0000027D4C900000-0x0000027D4C902000-memory.dmp

memory/3844-580-0x00000247727A0000-0x00000247727C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RO2U4UUX\m.facebook[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3844-643-0x00000247722E0000-0x00000247723E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DTQU6BZA.cookie

MD5 02924a4f405ce65f044669b62333865f
SHA1 4a558d2a65fda13f0546ef13d8568eb159910707
SHA256 db4362970151700990227682992bbe021ddb473f936731f1481b82ef3ce7395c
SHA512 b585d13baa3547e042aa4fb278dbd9b6c22d29531e45892e49105cbe77eb648d8f037aff169b8f1b19c6eb866aefe291a194cc644fa95a0101f5b3aed38fb98d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 47aa3a162697800537da2c23cc932c0a
SHA1 58ae5492f36c35319d97f9a9b65032b7036228bb
SHA256 4f6d4e8c114752477efed4ec5cfb9474467c935cc1b6d026090f18213551a0fd
SHA512 d206c6f5876c0a1addbf3f6bb490f0ed1dd7ee1e180ebf223da5513b21bc478afd9da967ccb307d29ada8522d506d91fa8036a45e2b99a9c8123137f711e48c9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c50af1e0c3134f2a5207741fcccc837c
SHA1 cf76851a4a700e20a7dccea85eeaec5d4a0419fd
SHA256 e75c68aacb589c0716bb41b3805c3b6688c6872a4ad41c48e9fba2a4c2b4d582
SHA512 4b8b0775597ece8e5d2d1be4fe41e557853372ec82de4680213030011805ed2f2d752039416b7efd379663c3b38b1d34cd357feca8ee94d5660dc92cb59f4d11

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2QNIEW4R\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IG9LX2IV\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\2qvqnyu\imagestore.dat

MD5 2cc705de080647bd5b5d8282aacdcc40
SHA1 3d9365911531de92a8b25837c88b1fdd25c4ad18
SHA256 170132536f724754c17a5e9e52dca37a5dad64d2751f7d33207cbf951bb9947b
SHA512 0f891d4e9dcbb3426b5dac8b749abbcb68326dc67acb97db814f3b12c3d8e3f6ad157747677d6bdf051ad00603c2f6e87de13675c2acda8eff57605dc7a9ab2a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 6930c94ee2337bd8da2fe191672f66fd
SHA1 2cc9af84eccc2486be358fba9ce3c4e80ffe5762
SHA256 da697a3c68e265ec8686a71e9b88e765e546ecca4170cdb000e011e86dd4804b
SHA512 c6f5fd05f5f0aaaaf2792f00620d10e9d4d8b39edad73d96fd6685a3cd855674cbe4646376844269146b4ec7061669d5673926bbb23b7fb40f45fa233b85bd25

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y6837NLP\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IEC9T0S8\3a012c1a689ae3df[1].png

MD5 96f113126e106726f8b834450192c44c
SHA1 4581411ec3fc7d085e4144acce9fe96219e46d7b
SHA256 ecc260ca82ff2ea807de78eae5c96a319140717ae737cc58c0abb52fc19a2aed
SHA512 4e1c2aab1cb29095c4009e02ff8673c990f04e519da18234c24c64dc6546db97db7daafd9d9a82d8387b275d176a031bcc3bafb1ae2c37f6b4a1d06b4defc253

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\V3LWI0KW.cookie

MD5 9053e66b3bc51bc45e425045dc9d3af7
SHA1 5745dc628d1da20363281b2a1ab9af4995baff65
SHA256 f9cfcb953d579e7b92805326a3e384872dba307b2f9c2c5253f24ff60e7ebf32
SHA512 57914ab8cf74f75047951d25286adf90f95f42d177af75c91f43c3681f1b655db9aa32d4a631bb2f137ce0e0914a5932a723faf0cae604b11a0e0c9722c3a563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8a018f5df0c818f74ddca85878733868
SHA1 c449236141dfcb55f3b4033c79732710bd97298c
SHA256 e4b33f9fec52af9c7a5eff6489916f3df2956ba5d51612e67230f003e311bfb3
SHA512 ccd48e49f880257b1efdc5ba582b57205e0d747eeaafd70f4618435a0fc1c754e7ca3f58b0b3da35a12ef8ce0448135612f4e0ced3e6bb315ea5ae6d6824fb37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\d90ee350-1f66-4bf3-ae22-5c21131d88db

MD5 658cb45e1cbd51196c81df9387aabf4a
SHA1 c44227706d50ad03372087271bfe5a05004500b4
SHA256 cc4393aa8fd0fd9be89637420c200643d2c5c21c3c5ad7ea3c7ee2d559fccc62
SHA512 51965667d28c0f603958844913135105153969618c4ff9710f12a3a0643347a4345dd969ebea2929affdf97ff8c86f69a3e88b2703aed7f9eab64f2f80cdba21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

MD5 8cc689ca4be6158d5e47d53ed176586c
SHA1 f78d2c11d1550f590d5043a987f4c56ea23f5f0e
SHA256 d70d5739cc8fa24b1896d17a4cde1c814f5d35194310026ac4304d37986bc4fb
SHA512 6eacd4abc057f5f232eb7ffddc27fc731236b4b2fb95e7ad9caee3cfedc710f5a39bcadbe9a77603bc3c825f863e11f953639d372afb706b74d942c586351e0f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

MD5 82cbfbe61ecdd1664b800cf3e5bb5491
SHA1 bd21ad6b7159af7bcf9cd77a5bb1d778a8f0a9d3
SHA256 404345c3244fc001c4ed3b327b753241b2f8ae19a5ef1718addd8b54effa8e93
SHA512 25be0040564d28afc9cf9bc93b6ca1a546ebc0040769409233040d554a72319cae948bf54d516e3b7e35d7ee352035b25914db62d30a8fa38db34ec4d381c912

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LEIZ539K\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 9f48e46c98348107c3b225c61bb47379
SHA1 3c50774d59605f9eaf65e45b3d6062f46d9485b5
SHA256 bcf11b87d6aed9978251dc0ee6d2b0805c9f8a6ed0caf270d08f16002de8d77d
SHA512 e506daed10216ea7b4d16270532811966bf4c0aaefa0f4baa185d6efe8510fa97ceeeb2358c154c7a7075c0c37d1bb23baab66540fc5d3c2a2d86994e302a5d9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LEIZ539K\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\desktop_polymer[1].js

MD5 677580dec1c7bc3ec4ba01a7247a8c1d
SHA1 1cd10ee19e296b8d40052e684b44f7319465544a
SHA256 0d23f060405949b51b29be9b0b5cf30961cc894439ef457a210345bb06b2f75c
SHA512 53ee05ac3e6a984471c5ba98c739fd4071e928a8f0bc10957af4bf70e22d65f126148ab55983b983ba8846af4f29b2db565faf52b9527eff8c1db9113c0c6a28

\??\pipe\crashpad_6048_CONWXPXUWTKGXKGJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 4c3708c943cee705064dd7ebe0e61c57
SHA1 9488cf0c55d45dfd4e65b752cb13d848817bd09b
SHA256 67dc43b3993c03d29803b3250b1f9a0d576c22a39ae85cb7ce05fdda8d263838
SHA512 76bba0f6e135e069e4cc92800c8a4f8ed787a43f22b36a80b855c80035f06e18ae9dd5b1b4aaa6ddc11995e260196a9474c15765981b62f281945a3585697cb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 49c6f0deee042e4671ba58ff84b3c639
SHA1 ccdf9ad2d8decd469dbfece48adadc5bd0cfe037
SHA256 ef7b250ab9ba4d9147ca7bd0159cb5a9c9c1b4a5b93c5abd624ed6eb45783a40
SHA512 631bcac214e019d1b62171982dc92b436f7443fa2378f34b6d3751ea546e2be64046422e52a8209e229e27291f366648fe8c5196e850bf8beb8873b344daa7df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 df36ed79fc0570c05148bfcab8c1844e
SHA1 230a8843024a68fed489fba345752528fcfdc2df
SHA256 77b4839fbed28e976ada980ac417f2170c4f14d7b6cb55c6ab934cc38eaa4b72
SHA512 23d5a35aff35df0835310f259f6ff69866ee32371bed674239bff61a225a0ab50382b08eec60c728773e8ff88fd8d1a97ff425cb1c18e4dc35872e8282ed6dbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 773111ef079a44409cc0d0bbc960195f
SHA1 ab27da09d3e13942f9fb0e1c058e54f57a39d138
SHA256 cc89cfbc26d8051854a310c8e3ce06a2f0af03060793779d36d428a1d9e8af7e
SHA512 1606e83f1e0f467bc2be343308f927d82afa543f5abe1d2301f4d8576df4d59cf70d6caaabacc7b3927c97c57475cec2ccf714c56581fba327e86f25fa21f252

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 cbd8dbc0fa4bb19d2c457c40e576dbe1
SHA1 b3406be81cf07c0b57998ebfd4ce587ca8498148
SHA256 9c914c1f2893b9000c8edb6ba7a2f046fa623d89b76c66661e293f41215fd947
SHA512 95abb10a240cf2c5b19bdcef075eecde6d6ccd28aface27beb5f71ca39ac53e04a715b13253aa33fda24629fa646dc262437609838d99ab86f0db3e4d3a49902

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 77c837aa6553238b1cffb2550d6103d1
SHA1 63d39d19128b453d37db87e3c2a6742d6b14fe50
SHA256 1e766b18f84ea0d9849134a8d945f21686d274319956a4519a24b0b8dc09f491
SHA512 1f13f32f6e0e8576ab5374835e9b357e4ec75a2cd65d71635f7a3645b7eaad72d53fc374639b366387900fb00b0c0675dc9a4c3b2eaa2316bd6a6bc883b924c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d1bfe8908539f9c2116577e5c6bc2a3e
SHA1 738d18e5345d3b3ecff575e78dd2cdac2db6b72f
SHA256 93d96b7a07361adb713c4c949122beafdd42184da84a12e7067a7cdc3caa50bb
SHA512 80442dcdc17e3e6eb89b1e18dd488a11572df47a97ef57d5f2491c6ff6d4fc949c65184f74bef9b458f432cf1d1615ddce75b1bbeef69c90d4bcd5b7012ed5da

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JDHHD3FG.cookie

MD5 54ef1263c3f36f515ccdd5d5b8b3196c
SHA1 580bca11c6b69dc49a4b7c807fe858a1adc18c1c
SHA256 3cc1f73d5f84af04efe6519cb1c83461d0ce1f8f7b9ec87691bc9e3dae2717b9
SHA512 e6439c3a673473953486f53122ab970935b557ba22df637eae947456198ac12a154bbe72309842f9a3cabead948a3cbced2cfcc65d5d011409b3f9aa02081302

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c76cb3466802488c635efddebe6a3349
SHA1 56c1e525b2d646c97b074dc25efcb496a8bab53a
SHA256 08cff13126225fb3743d034cb1aaf36c9bb25676af2f8f0ffea220f9d4e665a6
SHA512 d689b2eabf2fe5f391788806fcf37bd3dcd9dca168f82e07e2e9962fa75cc61ac3300981e33406be55159bd4d0fa511b2dbacb4e1cfbf6cae9a1a54c59ecbe62

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\54V5D51X.cookie

MD5 b12f6e0a632e441e81bf52f8217c40e9
SHA1 972137f19d436cb151726c2da859834dd54d47ae
SHA256 80e8046b4b41317f5442d83e18105dcdf8389e75c92f0cf99de7155cd1e4d386
SHA512 7cd52f94385e5ddd16770685001906a3c05a35d40bd671972a5da8bcec200ecb926fc035af8b167a32cecf6cd472be5d8f0eac3f1b5a9f5c82ee30f5e2ad28b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c89ead3d2a1602823e93d0d2e78cc955
SHA1 6b73334bc935a69ca95bc3a5159a2db7e11af9a0
SHA256 5e4307c4552d30e22a0e515f4591238ec71fdc43bd44d6c0a76bec5b23be1ff3
SHA512 b96b94af0c21c30a39c26980f37d612bdd88d4e6eeb8dcd4a60b67145904cf7efaf893b317e747837294cea59385992bcbf7b549a49f44067c9faeb094e0f5c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 a5e50227f9dd80268cc90d8ab02fa6ec
SHA1 df5ae764f30d1cb61259ef26b8e56bcab33382a5
SHA256 5cfb00edb883c62019a8f1a7d006a3839a169be1e9356e3f2e908882c6ef4747
SHA512 7904acc7a66c6ff8f9a59de66372ce7574cf1987324a8ac75239a17eca8dc74cddc5e6ecd4a0fa307d3fe41f2ea708a415ce3599d6678aaaf3aa4d28c23ecc0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 c94bf6c52eb842ed5b29e3e5e802b080
SHA1 d85fe2a736b7638dbbb2713bf0ca8850f442816d
SHA256 19df886c1ddd99c6aee69a0a9ee6d3dc8846ffa78a6ffcb3cec6a0b8d0046cd2
SHA512 b4b132bc061845cd8ef5216b666c51b83d00358b056192d0242d974bca84d48f2698c441c088ed345f7327daeb2ef43f80ba6dde484f82b02dcfd388d92c8832

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd3b194f147270d5d3ccc4dddb927d33
SHA1 0aa73c882425bdd81f8d784402bf322a634ec121
SHA256 a13c5be3bbbf0780211837abedcdcd6941c99c353630d6296117b67e99e0fcee
SHA512 3572f3cab189486bb765af210ae2f383a058ab00855dc7f20b339f778e82fa5419bdcfac129d9cbd3b8fc47a72e3f1ba376050b81f7452d8c111e6ae24711d7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 84a5493a3eeca0fa8dc1e3393613850d
SHA1 9a591d13e8b771452cd6c7d030346190774732ad
SHA256 70b0e020681e9da4d409df37c8d065fe15caca487f4108fcad71a0a616ab730b
SHA512 9d775d1df620edc6e00a5a54dd3b110ffdafcc0a9e8efa09ba291fc05eb1bc5b00f9c0c860c469a1978f9295ec922dd9659a6fe8588cff03ff4ac9a266dea9f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 91245495ed40b8df48070aee4836cdd3
SHA1 7b40f44964ed975c14258a9bc37a8af04059fdc1
SHA256 a429d91daed253463f17e0e5fd9de0b818fce2399d4a43a94c4338846815b170
SHA512 b4b2cdcf32673cf6212487aad6040f86aa8da995e556bef9b760573c7f60242c8063d03d920eb9258fefaa2312287dc927cd3d178e4f89c4294df97d8880f54b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 59f04d036c6fdefd6d13a5f7d38588a3
SHA1 efb1f88237a684257870de38c4db0764fd16e5f1
SHA256 313072ce4de4238848534f355e5635a9ae286aa7766eb2b730197631aaf7776a
SHA512 2f90b9d1f2803cf61d3e8f33a4ed5dfd06f7fba89561851007a46c4e67397e032da6dbf8fb8717ed6927117c1da33d558d326d6898e687b10e0c9f4a79adc0fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 e2ab3f8018d2f3b978d6ccc51df91584
SHA1 cdd55ff57b5b576bc6bbd455b0f426d2b463c11c
SHA256 bb6252e2c77868da79bb9bec452f5ef38705d4557b237d0a0a7f94f10d095e25
SHA512 f01822936e1b38e45f4b0c165f71d8279945dc237cfe756d90a321c4f88a87e3a01028a0523f3245cde0800a7fa02691eb673ea7d6b5467aa29918b351292c7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 0bd9c95cb4cc68347348be40a3894b95
SHA1 b2e76ae9211d4336e12dc5e1c18a93d9f15a2c54
SHA256 b787326d199bbb8413d40d4ce4ecfd8711430a8ed37a74d460418925c9b89008
SHA512 b3a4148fd817d38e335db55d3d4c6364f57fbd9fc409991d7df8dbfef0962bc60d852fa925022058d0bfd2d8ea994f99b2a1d96c0ec13c941749a2a889b8e98d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\53\{f7c05a3d-f078-405b-934a-ac2ad9c13735}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5d4f66785e9d4559dfa93587b073298f
SHA1 5e5b892f5fcce3a1e5c444ac440352dec1d8755c
SHA256 1e60c3b00292bbeb0abc030d2a4d903b38609946df7460ead97f56e9493ac20e
SHA512 729e48f1b4c3c23fddbaafb265522212b461b22221ab2c374281e77ddafe556eb272acbbeedf73b8ad96f1ce421cc5002facfb4a546f2cf5cfb75080a5ff7ca8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581e80.TMP

MD5 6820f25797c8415c523774779236716e
SHA1 5ba0cc1dbc67b13607c23cdfa8f53f1679dbd680
SHA256 dd30e8fecd2203cdf6e79fbb89cfa54806207d08a242fdbd4d9fc4c6fa5494d1
SHA512 e28f5de12ad9462512d13cce3dd4cca53394c04cffc95e81079677596cd4bac446fde9f29e6f4acbf92600f0b7446595be543c0b210e7b376d8b0675883ec103

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d538aebb7436ce5bc26b87886f02dc9e
SHA1 444e6824c8a84ee248e7bd09c8dd19d67d83dcc9
SHA256 183fbe0591bcc7301e88d1ebadb76360541822905a0157909a2782993ba22115
SHA512 c1aa6f8747fc487ea222045d5acf2f2d52eeda336f0f5135e55333637d67cdc60f2122aae99a5efa30f29b2a1074d3113298b8f95c5323a083125a3a54cfb314

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\4294799986yCt7-%iCt7-%r8edsepeo.sqlite

MD5 b24d74977f474e93f8075337c3b862fd
SHA1 57757fadec20469f0e89854d9adedcc54be1501d
SHA256 8250acfdc81bb207bd4f29899852bf6d0d24b95fe5ab575a642dc398bd75a3fd
SHA512 72aaff89953f5fb4a7a9182008e334d2ffae7af2c0247ea1a0219eb2bdb63b45e19ff5d2b1fd49eb98a5a0911c09017267736a11693ba57960e2a41854591b01

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f3b35c44db445c300337e97b66b92984
SHA1 b9eadf6cc605e8358116a5b471fefd2951f9f5b6
SHA256 725807bfd54d53283c0b64a4b17497d080e4114dadc1a1786dc0174ecfd95377
SHA512 ff4496b01414148165772a0b740054fc4bc6bfed0b568c85d7a2f81041c6b307b8fe216794f6792d9bc63086ca9a42dbe1d2ce1ac82b52ae915aeaa3fe368716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4cbe71d7e7dd2c9c5308cccb7481cdc5
SHA1 bd8321e1e3091d33e6beed92aa569da2501bcfac
SHA256 09ee3e619448f9a7a5436e79e37ecc13da642ef0805c2e555a92bb32bc867883
SHA512 b10a4cc36438d3530d8e4a0257ad1d39a7cdf4a6d02e22d6c93308db401debf03c1627b62329ae1de2c73e380b814068166472cbbd5f9597bc6f23baa2ae5fcf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 71a252ac2c50838bd17f37e2a38e7735
SHA1 fadc99f6c841cb293c850a65dfc4437924390bc7
SHA256 bb6d4fae946ef1c2e2fac899b8c1c9cbff05d409060c1528b239f1e040dbe849
SHA512 c49f80793d90051f01111b4455884e928a6c6db8cc12a6e94ae3060b3f84ea8d605abee6473b7cadc4b5c090ce580f0f9c5cb7219be471d222df322b2b71aee4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 31a3977de02f4d3d29772de6a660de50
SHA1 7b05dec070bd1c451692ca6145a0f138a9b12546
SHA256 b2706dfa0c0aa6448952cce77cd2bd9e86d4c7d456bc5eaa1f210dedee73d2ec
SHA512 b3d8489a29eec41205c7ed1473d672ff9c2a465fb6103c597c952f41b420649af364e51ec2444958c673ab54446d3edeca5d3a19059da1567484eab7807a6852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586d0d.TMP

MD5 b08d4a15797c1e350400e0ef019b4b3d
SHA1 40ec3d89e3377741afd63a3119f33995cbf48e65
SHA256 87703faed91845c0afbb30a45853f4ce6da9f415ad2cf836b3d596a411b36f3f
SHA512 fc9d9b934546a353ac346926cf910e37033eb326b5d4b61446c3b0387cf7217b32e7df7e14fd33f9a2f4280bff51167a2f01cc7f4786c6042b5385a7bc1b9345

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2QNIEW4R\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 c9c75090db413899fd8a616dcd7659f1
SHA1 2f1766f9c2e8be0b4bcc358a5632b90d837ebf36
SHA256 7d7f360eaaab2e7b84e2282352240bb445367f36254a591a2ce2f24ea97d5212
SHA512 0da1758f53ab8535e83f8c4510592318d3939625c784f50526f6739d85844867ec98e714a7ff5c9e31c845bc34d82b84d392581d8fda33cabfe3cee4c1e9319b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 827ebb13a58274b701042b279f366b0a
SHA1 9e8896a5fdbb9479f783ed1caf187382e96f910c
SHA256 332d38e285bd9ca5c5da0bf674f38d2d745c6d483fa640fb2e1cc1141a3ecf81
SHA512 db284cc690931c275703cf8d3add12917a5f0a13b5ad262b46c8d8dee7fa748fcb64e4fefcddb9c1774004379839d4b42991df1fdc8c99c70074c45008fe51ea

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 e7b39057862468f46d097cbe7b2f9ad4
SHA1 1ae3dc046080b2b900ddabdc3c308f0905e9e3eb
SHA256 fa4bfd42fb33d920cd0a91905206bb140098da4d39e16f9e18b07dfd05c88694
SHA512 661701c499607762b3df7de9e579e23828c0cfc5cb3b1a73d5a5ea69c8b80fd5ceedabaaa4887b33f1eee8aa388bf4e4f5630a8ccf6a3d15856f59f9f6292881

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33296635e4d815b0937448bd8bcd13cf
SHA1 9d02cc28e6b4b18e70e8c931bca94e5a2d908cac
SHA256 866ed366d33630f70b0b837353b4b14bb00813a86590037fac27c25148e4c921
SHA512 5c0599f64a5b94fae0b910700b1c4157fab18a157d8ad1f3260aa00ed6631fb3f583d2491fca2eef7e4707f2699212c9d50cd62adc39b1ba2b1a0105821930f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b48576523c4121422fa262631e0cec08
SHA1 9df39a7fe855a40b3446ab13f5fdccdfd57dabd9
SHA256 6c41780e7e4ced104d235e99c13a2a6e9eab848e06398acf722d42dec46d7883
SHA512 2b06dc3ef96c6c9c2507768a599eb41a5ce3217ec5121d976b618789ebdad18a364f49e4f8c2cfea49be1bc7eb93ec89e5354b119dffb0640d6cda000acbb190

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 de904bc799b5cf2e15b3ad3d4cc2bba9
SHA1 d67c466e19403db26012f167059db939458dc0d9
SHA256 631920cf663280ba56a58ccfcebccb4b3928fec3098783b40db278a0cf064e22
SHA512 9b838285aca693b96f625d4deebc2058d1445db3f867cae1fb6e13fb646efea9f851801dfcd11f52e4e05891174bcf35e48e6ee5595a98e3c309d4c2938ecd48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5bf6a7e6ade88ee0164171ce99c507d2
SHA1 c48ea4f33e64188a27f22d10e08d38fb48200f25
SHA256 2f8260b5a1b20a611b0b28a434125973cea1980413c7842817b1b31914ccddba
SHA512 42bc2c9d6642e61060d6d1b08070367d8d071f0f11e2f8903e86f63735560e5b170c844304375778b8dc14e54fccd81e23e44da13f4d440234f2cfb5e4fc01ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2079b221fe3dcb8d92fcba766a68c53e
SHA1 724e24b1e66b36f688ac3569be6397439115d0bd
SHA256 df8b706add6d71e1718bd51a4b764f21c4a306b785177cb692e4bc7a70166705
SHA512 d17b3133372ddcd3b5231fe5d32315224d6e6c095cfe541d0de87d2f8b9ff198e6d309e8dd5a8114e3e6aab164f9e8b60b2bbf56d6d60e5024312cb0f46ddefd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a77ac37436501182e8f210635879324a
SHA1 6f3ef687e8ea4466c49bae1587879c71cbf06727
SHA256 d932b471b7b3e867726ecb809f116b39fdea1b1ca8270dc64fd3151c444c180c
SHA512 cc2691f30de613aaa5d98224df18d9a9dc3180d24ccbdb97df9730dd4d721968396e9f286aa0294880b399e90cc61541bf7ab5cb0775fd8e150ceebb9361a23a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8e0f14c923cf4be693a7d3d4a5a5f86
SHA1 c73c786145b7a871687a072a4da850fbec2367d5
SHA256 db0cdf0e8ccefd767d96ba7bd09e62bc27dcd8c8eacffae0685306cd47eb5918
SHA512 b65dd60d23ca5fca87ff152dff94ec4d579f3f8c536fd7672258be3ccf0f2b8bb8ab5e80e93ab3beea3588cff18b0cbcc5d5de62d80f9b965cfee6acedc8c8b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 86680d5bce1510a7af24fb3b5d701f56
SHA1 f15ce77dcf7fa205bd2ad6781275b2cd548012f8
SHA256 e1e5603d024a777a904ff58a26188f57ccb12e5652feb2bd0b6d79cddd768839
SHA512 b89ab155a1e2b7070c46b6eb9fdf39276ed0e143cbe05da9c4b0d5f579d6fbc513b36a74574838911d26d322f31a8aba81abd3174b755ee280131a4b711c62ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 390a2b79585c0fc312ffcf7529f423ff
SHA1 c2141a8701c685c6dd77317573e29f67c6934805
SHA256 ab892ea6362d5291783d958510f177a59bac67ea6d6d0e8a1128d27450ebb0b6
SHA512 9a8eeb7c91d755a39aaa2b823fe9e9df8031ae7e4caa2aa60ab124eefc150243bc654b89b387313286ac7abded5f773447dec06fdd4b4e104dfa89311a744a06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e7e5bf8717920e58419223844341bb8a
SHA1 b9e515dfb70a8e47af28fe511b4d7403bc0961d3
SHA256 666b55cbc453d05c83725a6db855dc1b44cdcd7fef1a0e6765736c6bf757191e
SHA512 641500fd90dfa761e5b2b19c207a5181445728ae1de0f3423ead5613c00e11ec09e945b142be8f5561b7660fc6a372c8a03b6a8e867ba9afb1016a8d36b3827e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c175e1cec12b9f696b24b89e8b3ba9bb
SHA1 bb094dd05cbeab77303d8c8a82e462e2b474f834
SHA256 aa0903b4953636df682c8ad9611ac1edbef771e9a9ba9e11a5701f9b299dd970
SHA512 547b3850588348c87310532265d150800a325f385ed81d48eeee03478fe6e6970dda2c2bb12f1d4670b5eb80cf9b26779ddfee83beb82131e8704ee069934416

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c1c2364b7b25f10a450e729fd51676f3
SHA1 cb916c8e1998fb436995b80d2300eaf47c154835
SHA256 761303a54d090ce72108d5b1cd2482d9021fdecb0d110acb56335481ec113278
SHA512 9772ac7c1c72f60b46b1bec5283bef96d7921da398852b6bbc5a001233ab7828b282cd9e780103b280dcd329aa45b633c72e7188ea2b7b2f3564efcc091a6412