Malware Analysis Report

2024-11-16 15:49

Sample ID 240209-abpflada4v
Target bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283
SHA256 bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283

Threat Level: Known bad

The file bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-09 00:02

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win7-20231215-en

Max time kernel

69s

Max time network

288s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{853E92F1-C6DE-11EE-8DA8-6E3D54FB2439} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{853E6BE1-C6DE-11EE-8DA8-6E3D54FB2439} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413598820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0ce8c5beb5ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1864 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2704 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2968 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2512 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2112 wrote to memory of 2388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2992 wrote to memory of 1044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2512 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3024 wrote to memory of 3016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2512 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 884 wrote to memory of 2528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67c9758,0x7fef67c9768,0x7fef67c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef67c9758,0x7fef67c9768,0x7fef67c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67c9758,0x7fef67c9768,0x7fef67c9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.0.259731834\296653616" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1168 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c6dd1d7-5cb1-40db-8dfd-4eb42716f831} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1344 10ce1a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.1.1833533276\81448962" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e5fab0-411c-4606-8a20-0aa172c54a28} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1548 e72858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1256,i,7514522711804943530,8576591830130715912,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1312,i,8864674165591194220,14079237070100627868,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.2.2052235408\152819957" -childID 1 -isForBrowser -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9493d43-c2e9-41d5-98c2-96ee31c6844b} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2372 10c60458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2632 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1312,i,8864674165591194220,14079237070100627868,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1256,i,7514522711804943530,8576591830130715912,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2808 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.3.546506475\744666057" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58869ee2-7de0-4f44-b21e-611487cdd58d} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2920 e62258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3208 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3284 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.4.118055406\1027347655" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31ac5198-7b69-44a3-a616-cff83e051c04} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3744 1ef89d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.5.1530387728\609090765" -childID 4 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b665e787-3a31-44d8-88ab-76e6bdfed884} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3848 1f571258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.7.902619202\1555904851" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0692e0b2-ac43-415d-bbe3-ba84e8735be4} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4188 1f574b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.6.54649703\1067426243" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7b9fe72-0de1-414c-b073-0bbf1007db10} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4016 1f573958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.8.443619872\557733690" -childID 7 -isForBrowser -prefsHandle 4492 -prefMapHandle 4496 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f171701a-0e42-46fd-8a48-68bebd7f5b41} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4480 22491d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.9.2061467107\1860651010" -childID 8 -isForBrowser -prefsHandle 4636 -prefMapHandle 4640 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e772c2-5bb5-4f08-a9ae-4baa3e43fec5} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4624 224ba258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.10.203849208\10568636" -parentBuildID 20221007134813 -prefsHandle 4700 -prefMapHandle 2044 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dbbbd70-088a-4c40-8871-ec8f05291d52} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3192 1a22b558 rdd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4260 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4376 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.11.2030551374\1678215785" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2252 -prefMapHandle 2876 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac03fb68-26c6-4e6c-885c-6c874aed4f2f} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2240 1ce95b58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.12.1899572544\27425977" -childID 9 -isForBrowser -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f52e16c-9979-4b8d-b089-76ee214681a1} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5064 1cba2b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1244,i,3353044244380838932,6348091114169021421,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 401b26033d643e6a82d094df6b449c0a
SHA1 ccd9defb2ba41a5d88bd6271089480758c84d3f9
SHA256 93766c5aeec337f8a8c910974a7c6a3ad39bb7bdee7eb6c40d840968037cd9bc
SHA512 39857c58109e7846f0798b1dfeeedd229805226aaf736b3ce1ff4c85e6f51e96871de5dd30a0a0ef4487a48975e10ea1420e8fa19eff61a1e32abf65f3046ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 0708f2bc64ee82ab4cedfcfe5d55df57
SHA1 63a18437864bcb257bf2dc7b5cb7a9320b91c472
SHA256 a6ec5d02536354fc44c36d90f2695c97d233cb441bf54d009ad8d038233c7446
SHA512 92174a85eee3b9650e435d113fe8d8aecad689f709eb9f6cd182a5631a4b2aa0dd69118f0a91549f8df65281c85c8ee24ba6c1a3fc64a67090e204eda004a794

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 c6e9ae75d825d91c0314ff5aa649074b
SHA1 032828ba7a643789118db962f7c2f273f67ebd69
SHA256 3c047c42fc234ec7a1fae0d73a2a5eb111a592bdec9741ca3ddd29bb7f9f6d18
SHA512 5cc8d25a8ba0bda73291585058b1cb0052385c0b07f7ba3b604f73ef6ba6cad6577ba52f281db1e1516e700441535d78a5a6d65d064943f7d8eb26a3ea817483

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\011aa19a-7aa1-4c67-9913-2dd27117cd66

MD5 b9567491031270bc32c2d3bcf653996f
SHA1 03eedb39260385bc560e93a052782bee7c6ac43a
SHA256 879b156ed4cbef1909f68e6acf2aa8b46af68b27c63a8f1ef901de21fdd33b6b
SHA512 4ef8eef78685dfa0ee973c0794afc1832b6f25d1d248695f5352194e4bbb0021ae2b70e486acfb25730dea6f6c2bb97db0967015632596d303205c717aafddb1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 0ee82c77dbe46ccf4133e6a2eec81e69
SHA1 832fee7f43dc91364f9c436047b135f0fcd38d6f
SHA256 c4b35e0ad2054f2887a802f0e22e0b32cf5c6185ba2450f97ed534e5760eb8d9
SHA512 ba7c01af52668f0cd549cc9a042a6705a1a414b7cbb1127e9ffa89e62d7360a31545686835334dc335f32acc98ababde36204752648dfd9c1168e020766450fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 d943541ba692a432626f85044d860147
SHA1 25ab1ee4444e1ea43317d24f48c6abf877424199
SHA256 5b1b93d04c0eb7e06db4389dd25b0b55c028e137545f61dcebbeb0482787f25e
SHA512 d981af109f3ee3f2479d0ffd2821661317824714ebd29df29206db726908e58b41dcc793c5101657a559c87a32fae09e6242ead4fe61da35a26c587386ed600b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7772e8b5feca158da16185bffd742492
SHA1 e8d79937210795a3ee5900e126e1c35019397c3a
SHA256 e0bd301c3ea7ae27a4e13845d8ed76e2b5308ef3c2d56a0f0bacad5031d4c122
SHA512 4f199dea5a66bdc77340dd6f7d1c7453d5a50a1b7cc1848b45d69106b7618b862cb4067d49310149ddfc2a5e40a6e1c9801f17b91b080e7851dd71135fdbce51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76bb53.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab5b719f25c4a7db1784f7de972e67d1
SHA1 27541d35dd3d907f1414817726df5fc277fdc332
SHA256 3aa5b7d66c3a67239ce603e4ea200de92a1337491f950f5c423a17bc94cf67ca
SHA512 d10b2c947e448c82a64f1b8d881492db769b9d50df8c0cd514834df42ab8382827c022edb4613bca3a5fb97615e669515ab6e60f00c738fc5d740738c276a031

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bbb698b9042fb18359fac003658cf2aa
SHA1 f6bffe79cf394821ce37e9efc375ec23a62cd960
SHA256 a62b3d8a4cd612c156a2e2d2b3972952ba6f5091efaa6dea249ce583c668bcb7
SHA512 c31e69514492c057016d00cc9500ab96133c0dd854ada3b3b0ff986df301e92a9fa1780a199f0755dbfe66a025b6b620d1bb1d3a2885e3b1dbe9636ab00b316a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\51\{34aa60cc-5c4d-4c48-bef8-4956be174a33}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 12ace7e1809c6a928a37771e2c84ef7f
SHA1 e1f2316a29b63ca907946022ab7a65b4e3232b9d
SHA256 eed4295ada4f3653815349c35205b0b51791b65482e8d5bc404654cb225b1cd9
SHA512 2a1ad23b6d38a4876be1c060fec24cd09cd6d36c03e09c017ad775aa3811f4b5345ffd286a8569fb6e61438d1adc816a6b6367f0f7491efd2c52f8fe0df141a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\3243450403yCt7-%iCt7-%raefs8p7o.sqlite

MD5 805a0b40b9d87a75e58a4b2322547994
SHA1 0970fc44d6ffa3e68d209afaf443d5d1ca7191bf
SHA256 5c7bcf0b4174716ce72a85e6d586d2d5f6d15e6ff2b6fedff9a02285ca6f3b91
SHA512 fee11fc9fec61d4d7f05631600f7daa4fb8736e46bf6e586a98e4d3edf2309a73ccae5b595255968486e035300ac23b9418d8c331f26c6bbbfbe514ff96c020b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 c93d09c82feb0bf9bb64a4310b3aeeb1
SHA1 b483255a3603f0d964d6e88c77fb539f38f1d8bb
SHA256 226b7ad71aedf2035f0a724459b92179ec0a989e7e119f1651a4990a096cb130
SHA512 2d8b5ce3a3591b5740afcec25a1a6ad88ba2e17c747a475dfc7c8fca127f4fd42639d606b962529d54fa710a0289eb0cbead779b82f8fbe8d49adffa0d4019f5

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5ef13b43b21c7e327ad0e67f3a45d75
SHA1 ef13cb2d52e1014c022990fd88b85a730d9682d6
SHA256 eebcd451d7d16bcb7b53885c79d02f5d1e6019ebd80aeb37c73ff8bd17a4d7c1
SHA512 75a59704af09451696a05a0febbba4c9e7b8fe5660c4a3b309d40da5c3ccc87955a05da066ce548a457db2cb212ef6a1f6d7a44725c43601ef26647add21a699

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ff87b93e8734cbaed171db5c30c3301
SHA1 5749e11dd0244811aa104adb69bd37b083309414
SHA256 cbaf19065c4cbd02eeee3b0c169a30c7905eb221b16a9fe57399c48f9e6b204f
SHA512 7ba726a0619aba0f50ec51bb0bb6cbff2732f7c49968f7b1d00d7020f6c20084e537662839d2b5744515d510a70497eb653d577935ea9d1689f2ae536292378b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bd15fefd9629e31a3862bf42a8820a3e
SHA1 a58f0fc436e01317e7cc8b4322c9c7f0b612d374
SHA256 86a7dd7bbf567b67e1f4c259bf99bada22734957999546859ba4c116ee38a64c
SHA512 c6522a4f183b251b2924fdf57869adbb710c30bec1d0478e4ce1f55a6d72c085af4a38de9d60324a2067e6e6d03194b2d5989544af29d8a99e90613a025b36b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7a48442262e714b1e6ce9eff203f2c0
SHA1 3a390c07f8267edbedb5cccd9772faaad6dcc440
SHA256 5fa649bf2d61a6d74ab15ca821a114a839ee29fd7276e4c00ae5577af51c2b3f
SHA512 a7f174c2a7ca00c6f994c0f6d8c483424d2eff3918824881da0d934a876fdee168f24f39b8f13ab68b713d72db39448e2e1ea1625f3d01f9beda22203b01ee98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cd5843a7467b7585369616d33aedc7c
SHA1 8948b2492a503e953eec7db3510206c7957bee46
SHA256 83c9dfd27282cc01ec21f4af562738cff1fff0c4ab9bb808193f487155624513
SHA512 d61f4be3ebd328dd0e232757fee41b95a0c94d63fe9fcc218d19b4115bcb55319f48ea03c4e7dd76a5f1d9f5fee07e21868557f8f2387f6479265189c1eacc03

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 efa1ecb1f92df3f2ed52182ae0d20b33
SHA1 fa7379c9b8002b69f827228c6d0951b509db5959
SHA256 4df39274ed86b0262dbf9417cb7d7e34425dab07e32edd2a9145977a13bd64b1
SHA512 18eb4bb039d57ae7dea7ed1f4ad7d60452f0aa80d75449e48a887f9c3e6618e7fa19bacaaa00042b0b62fa173c0fa13f1b8e5f669da2d2c40d0a239ef4c28bf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 495e8be345d0fb054bd7e71ac278c3de
SHA1 bfdbc94cf2b155a59d3562db5d5bb625b9c57184
SHA256 7fe0a19772f5421aa6eed8302e055c837a55632b20b423d8267660cda972c4d5
SHA512 e977d605cc9033fee155ffee34a9caa10960c974720e31b85baf4447d6c00cceaf972f8a8e4cbcebdcb73eaa966f0391954f8b57a9712b298626c76c88077eea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a78bfa371b6c8a59b5e95568c35766bd
SHA1 e4ecb6d117760e5b35a6aa0cc88487aeb20f7b96
SHA256 f4dac7016f97310d9366ade81905d5f2fef32843d3f41485e70674333b548d18
SHA512 7fafa871040a397370a5d03135ecc78d9e1f77dbef97e51e3c203e7fd9cd2ddbe67f7520d62f59185ee62aec6b6b07de43395f4fc0436c45675aad1ce74e7a7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c05462ffdf1a7fce6a8aabbcaa69fe0
SHA1 53eb58106925909ec2538835eaa5db4e0a99795f
SHA256 1164cdb5093f66ad355880e19018ac12bc9d1e58908fdbdc34a15e41d2ade66c
SHA512 1fb2b5182744143a1fae2965ebdc7eacc5004f2bf51dd9f385f22bfd4dd24beb08de7a09aea4024d79eb0c9455aac3b2adbe1e23f6729aedc63ffe0659582819

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8f9ff821d804b93b2ca9f714b02d9b91
SHA1 0667e378a9a8293a0b5b94a376b00cc3af718463
SHA256 3bf3bc3c726bc16f55f3ae3e9aa57bafeed8d5035f9edd144879073861407073
SHA512 e009542b022394f6ad821a5c7a178d00f7edb0ecaf971c5e4bcbe8e83ec151d8d10fcbbb258cf88bc428523486b86604fad767714a63ac751f2ee74d0909a91d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\11460ffb-6113-4edd-8a97-4f0daa6fa87c.tmp

MD5 ebd494bc71f506c1850eaaa4d81af90b
SHA1 7adb83e1abfd505a365678e8e8b897b7a837702c
SHA256 92234a4e3d401fb892a6cf6881554cd9ba7257fcf0eb165101c995ad007db778
SHA512 55fcedc7aca68cefb4a8e4d00f442862142ffcefbdbcd9d7febe15ca36f455fa1f7ea354c45875c8aab0e0bcccf7e757b310a4aa242638be2759c7ffa5260dd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b0d016c294d4902d47895c6534eb2a7
SHA1 9a4331edf07c577098a029040748d71fdfcd2872
SHA256 2f43d4c78c09fe3c4bed57423bfab3b792d202d2ebb40fcf0d3d1309c78881b3
SHA512 cffb08d07ee9a340b0569fa1685baec7f7980ddbb9ff73a00e3b9517f817a6e3277150a3c4ddacc2baf1105fb2bde035554c8cbaaea1f1c6ff58ff142b8675fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c33ba694058a9942fdfe5d473fb485b
SHA1 419d6a3941dbc21f8f4d6a228535acc031328ff1
SHA256 e349ec0e5d1927962f1abf341d018cbba645acb1e24c6d77f9482adb9bc25a72
SHA512 0f8b6bf1ddefbb2d66ebad403cd2780875b7c1df02bf5e56b25fe2459883e8611493a053486a4089fcee9170df560966cb0bdb119525dffb4390fae035b3f2cc

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fb6ff73380f1480ab7231dd0a990bdf
SHA1 3b170a5156a829f8b8d403242fa541d068bf9dee
SHA256 9363daba2e1382b020fb90081de2fdddfe1cafd4223de90b255fbe0a69ca5f1f
SHA512 72b3655af71edf7b958b4b8ca40747bbe9b326483aeb24007fbdb75d76294905e746121d170c571e5e4546cd2c72d720c0ede01c9a698fcfcde8d9deb3d6472e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\222\{9cf0c5c0-0521-4eb8-8b5d-ad89e6e734de}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\100\{38b19f97-e943-45af-b741-4b332c545d64}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\56\{7ce3d186-004a-47a7-a20a-e3a88fa02d38}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e080e19e1b530a81b0095298fca83f03
SHA1 634d411a5981bedd75695df9707ae81e1a3ff46d
SHA256 c86bc3bdefb04b77f4b954a14fc1bd0a4851ae65c986ab995454c665a5a8c3a1
SHA512 8b1a44fc432e5f750f732972d9a9fd650117ea2f4ef4a2a4b4de7af946e7f6930c509e1dde9dd851cbf777ed71ffc8c12892e10eaab77a0c4e0dd7b1c8d71be9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 623e63ef706730c69eb131861ee470e1
SHA1 88f24a4810b856f7113c8947cd59d07943d4d7c7
SHA256 7df65868b65cdb00279ef90d2a16720316a521af0b1a95d83067b2cd463471f0
SHA512 9c45354d874f855fd3dcb99b7fd4513e693f06134db788cbcec6fcf094b08969b90a4769d156b77ecef023b4d75d93d09dcab877bfc1330b0fd897ae323849d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5a3cbcab3f089994220680b6380bb20
SHA1 59a28178f98b4524ae8a445ccfeb5b0c7f0f519f
SHA256 ff913c506cc2f73ac4e60a393e4ba5953c66d2f61206a0dcb30b7785c28228cd
SHA512 89424a888a0429eb2dbb322f1e22ceec78fd68bfc4dbe9168bfabefcd6eed59709afed0cc82bfb84797d30f7b012a8e16a896620d31a804c6ac4b2059021d94c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0a2644de84165feba2086d72d6a9b86
SHA1 65f11937cdca591b411a2b26805c98d3b6cb21a4
SHA256 6db81a56363888e50bc06a2755de48a4baf2a5e68a66804efdfb3ee686300624
SHA512 426f4040be3e84c5c427c68bacc6e5a9542a407b107f23ac781a90aaf94008436715585ef07c8c44610c1dae2bbb6f454e91313e4003842da4db360da69e147d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23377b2c095bbd36559490866c84b913
SHA1 737244842bddd8b613d78063e927d24265c5d85b
SHA256 bc061409c7db0e148555cf7d88c1ee38be7fd6691e9a6b004b7187fe99e39aa3
SHA512 b9fe561a9b0e95116cf967f4026a8397aabf27c80d937c11a60bdcca06e1a1fc0a27df41c9a027957601476d9d555df1e6905937a38a579b9ba5a36f7293326e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9d448e30ac9567ddbd1f982a58327f11
SHA1 0769bda364b6186cbc276de7aebea6aed1b75d1f
SHA256 c008e626a6859cedf05a0adf0a3588a4f61caa2361fb7c0788cc415bcd96887a
SHA512 5ea58b0d8872c3e2981b16a92c05fec9e2b71a709c410c740679d68a3b5137eeca61d1fab16e48501b0c58482f86070250a445dcded9133d42fb4b365017e9f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e7478d55e79b8298d852e1ada2365f7
SHA1 834f764098b5dc7aa2172b88c0bd63e0534b66a1
SHA256 c7f573d57712088e520f27f9d1d3ee5cffa54bacd106e551394a52d481532355
SHA512 083a997793344ca37b793d47a753681703f255ba43b7cde02b73c4cec24f67edad82b97d2f36e2589cebcf3bc8a7b4e55268169f7c87f2c5f8e29257a961595a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3a3f1046c57a98bec14e49366b397696
SHA1 efd9811ad286c1750111a1d8036a3a9da5c95084
SHA256 63e0c56bf91fd546726e7663f7c29debeb98dd29a11d9325720b56db06003c0b
SHA512 9ebfcd42c759b0ada0bc94da69357b8df89eb202880e3ce32a3e54d602688933f17770a2669e70bb9b1c4e3a2eb908d2a6c24380cdefefea1b22c8b31b08bfee

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 35d8ce47e7a9c72d9d6c9221dfacc232
SHA1 292d37f3cd84317cba6aac8e3173923e137872ce
SHA256 273bf3e50e9c04e7a4d5eef6b3b69f58e85d04a3030b510354db645f5e168dc7
SHA512 4c0e44d07fe422e18579db5bcba6ae30f8999ce2e1ba0395a3210e4b604aad64fca554d411270e1d1f029e7af588e1cabbf0aeb929d8346e30518e51240bf0af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d82ece0b42c5cc5c43751adc483c1a5d
SHA1 34f661ba597b1923ff677fe9f8b92ef8b499c35d
SHA256 21820aba2833dd3d814c6798d9b6f2713739b41a5ed43e41bb8a3bf0f5ef6f14
SHA512 43d691a630de9ecd9f65fc796dfe24f92f3936777c789672790c9faaa992686ce853320938e700aa1b652ecce278ec430d14b9108e2b2597ce360b070e193f96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 212a0f92a83b68cffd8fa2053ac14c23
SHA1 d3a0c06cce7212fb398081828c593d950babace7
SHA256 d7f6747a05910407c76caea32774f1231a31b2aeb09c120ec20d978a0c93e499
SHA512 4a63250b4224ef23380e084edc21bdb5b1e1c580f69bfd4b518f348191f9669b3c21abf7cdce474046dc9dceec2cd85f6b61f6597639b01119903e88a72e4386

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win10-20231215-en

Max time kernel

299s

Max time network

294s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519107581145800" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 002ef2ad1d5bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414249486" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{CBDABCBB-8EA7-4A15-9D0F-EA9105DB6D85} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f46bd148eb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 33911649eb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1192f748eb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ff2c7753eb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4584 wrote to memory of 1088 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4584 wrote to memory of 1664 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4584 wrote to memory of 2244 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2916 wrote to memory of 5776 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 5180 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5776 wrote to memory of 5876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5180 wrote to memory of 3900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3776 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1780 wrote to memory of 4836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2916 wrote to memory of 5916 N/A C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5916 wrote to memory of 5960 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe

"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffca3529758,0x7ffca3529768,0x7ffca3529778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca3529758,0x7ffca3529768,0x7ffca3529778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffca3529758,0x7ffca3529768,0x7ffca3529778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.0.1337668041\405461801" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {188fff5d-0193-4ab7-a3aa-82070ae07a41} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 1792 168114d8958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.1.1483009087\1663341805" -parentBuildID 20221007134813 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3497e743-7a15-4972-8438-7876244a2afc} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 2244 16810c2f858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.2.1705219774\489947656" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab1208fb-572c-407b-90b8-72cbae03f1ab} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 2940 168153fb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.3.1953926141\714731022" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45197340-17ff-46a0-ad3b-0a79b7c0c83f} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 3572 168161f3858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1848,i,14657625961888326418,1729211799164593029,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1844,i,5082821223988582815,3898024064243257083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1844,i,5082821223988582815,3898024064243257083,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3632 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3620 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1848,i,14657625961888326418,1729211799164593029,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4632 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4792 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3224 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.4.1928897955\517461754" -childID 3 -isForBrowser -prefsHandle 4476 -prefMapHandle 4492 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036e709a-e353-400d-8b6d-3bb780c70fae} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 4460 16817479a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.5.1302711695\517511363" -childID 4 -isForBrowser -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cb1f324-55ec-40df-b2a0-e53981195fa1} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 4712 168179a8758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.6.1284309806\592676251" -parentBuildID 20221007134813 -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc5b577-a68d-4d6d-add5-9958aa9d733b} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 5324 16817a3da58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.7.544951432\1738837963" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5344 -prefMapHandle 5356 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58278ece-f75e-4df9-82d4-89493daca0c4} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 5460 16817a3d758 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.8.1865961750\623996315" -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {390eb296-fa3c-434c-b80f-ff55ff45273d} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 5648 16813528c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5588 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.11.1819042701\1955874428" -childID 8 -isForBrowser -prefsHandle 2724 -prefMapHandle 2732 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {772bf6a5-0316-4f8a-9ad1-441aed0962b1} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 5296 16813fd7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.10.730632999\1908061320" -childID 7 -isForBrowser -prefsHandle 6148 -prefMapHandle 5764 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd458b2c-4ceb-420a-80b1-fa097bfc37fd} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 6204 16813c93e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4836.9.1521790610\452401974" -childID 6 -isForBrowser -prefsHandle 5716 -prefMapHandle 3744 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76774e9b-d86b-40f4-9ad1-aabf9620b262} 4836 "\\.\pipe\gecko-crash-server-pipe.4836" 3916 16810fe5f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1852,i,9098879365823034991,4480515629261525411,131072 /prefetch:8

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O230GPAR\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YYXIA06L\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\56970V63\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\56970V63\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O230GPAR\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q6ATRBTI\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\56970V63\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q6ATRBTI\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7b8df9c830d67582e529549e583ef26b
SHA1 db76495c70e2df93ea1bc9a3c3d9f88ed495bae9
SHA256 16d7fcba34724dfee49b2602a17f1f5350bed2630573da7a2db6278699c12f33
SHA512 db6710231b420bc517976bfb72350c2ee2c287c312374caf245f3ddd22e35d6195687f27ba8ce9a17d7d5ce9447cb844a9ce210e6d91535bcd76af73f6a57aa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_5776_LQDKCYPBVMJJXQOG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\db\data.safe.bin

MD5 a7051bf556e659fb7b4e083d36df19f5
SHA1 725cd0439388e1f87967d61ec26ec8313355099f
SHA256 b45a386231a185e4353a753b356a49b73697dbf400a60ca6d13dbee036e9b1ee
SHA512 14633873be205efbb0008ef56871fd7a6f6ac28a2b4e7089ac28f8f63bc224d80ab73f9eebdfc241d29f04515980f895218f3bf0d5155ebc9aca1908f5fee9a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\pending_pings\7cc98104-30c8-43cc-9029-07592ec20832

MD5 eeb0149a0b02f869889067f9e5f04bd8
SHA1 5c40c93dbccef5418e02022f5e0695d3d444f8ea
SHA256 a0e17f65797fa6604c683fe6b3a78796ed5136342cf077670ff562c1915bc106
SHA512 e73649a16a4fe7cc9ad79b8d92fab23a0032e24bdc9d08aa09051f24c9abaf128be1de0466b2e3aeba6e33c2188f40d18fb547d62b31034fdc847b19bfcf2748

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ccc08c17d5db61f59bd870ac7798e109
SHA1 580fda663ebf64f14ee60350059983236217c4b3
SHA256 04bffc830e0b032f60fa2ec8d1eec83082402fd2f3822c46e2a3c12da2628f86
SHA512 dba81f2016f1e33a917076e59a66a4c05f595fbe8825884b5101dc91d06ee3c2b46e0e85a2f20ca79c5024a0a544d8ab8700a981e16870631881b89aba6e78d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\385284e2-97ae-4e62-ae1f-e2ef9841984d.tmp

MD5 ad4bc2919a3280903f8a6ed86c7e7c68
SHA1 67ee31a1fce5763df1f9caaecbd3d4169ac8443a
SHA256 d908560d1a67770ffc23acf27bfdc1c08905f1532f88a1f83b9c640a302625bc
SHA512 25163095b6d85a1f52821f3b4a6b5f1404a3e011b47ec7500d7aafddc54b8d8a821138664a3d3b863db5bd42a7d52498077c39555b74c97b6a00bf7a620c1c07

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WWI5IL4V.cookie

MD5 656f0cbd9f8e3bcd71b84ea5d854502e
SHA1 1d69977fc425af40fb592e994fcbeda66444a099
SHA256 376dec73ff1aa2555ab939d09f49abdbafb06242427017adb070102f645494cf
SHA512 19b8090516957abbded1efe7ba6ea13ad9ed9032adb08125fbcdeb976e28af688ac348b112a538cabebed1ec2c84ab118b012eea0570390630a7c1c2a47866fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

MD5 7f7c0c1ed17a6d3057d2c188bc78de4b
SHA1 babf06c030b04ec38fcf643470db3ad219dff073
SHA256 636f6a97511e6bc850387b792d8b99f4580cff47494022a9aa90a0dd08dd55cb
SHA512 f36541746e11ce5b29a3f57a2a04dcf9f3ee94da210976173434b0ea3522243559639d2069a3e789bc73f689898bea046be0558cdd077c111d3d327dfdb3f72e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

MD5 2ce74e882cb4abe82a987a1123c9ca16
SHA1 9416e30a2c85a7403fa35f5c09528d200ede904e
SHA256 91e910d26e8859252c07d073479b4b01aa56e5c233815218506e856779849525
SHA512 4975f4a0e13bf6163cab7efd651f26d51276b1ecde3b88fb5f57a6d39392c61e71c1202dfa858dd01361d567ff511646f6f6ea5e6eb23c7df5a20f884e02628c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 a900529a846b2e5d17cb7ed1ed157dd1
SHA1 2aeb02181f0e3e4c03b8cc711e124e591ab17566
SHA256 f8d8fdc7e822b78b8064b31107f1357893f26d4b1bdfed9e447ea566bc4e987d
SHA512 24725b668e6299bc7e7cfd6255bfdb6e3889b8505f8296ad4c0d79f3b5a24ccf24aa49d98f99d3e7ec0776471c37c042c01a02aa2da667f835954b95b5023155

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 b13dd73b5b23001a4107833b9826a728
SHA1 aad3f6b33fe9ef82e4fa1e694e2054b92eb43774
SHA256 1016bc82f69568387666f93bf5b402d5da1312e3fbc869b72dc9d4e522f117f2
SHA512 7bf82be0c353086fed5298b43681d1ecdbe14abe96ffa4b748554ae1e76031161c6e6893ca776e5d99d17f6ef6abd518383c4516a2cf52c143f79a2c871a50cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 701ed9925c5a2cd5408b8133d5fc5ec8
SHA1 2acf0079f457bfbb79ea36876df7c927a805582d
SHA256 c4329f65fc8479914b4fc0f880973ea3025b9017fc5957108a214c5d2d0d02d8
SHA512 2f37062bdc9e13c618cfa7f11c13e1677c669ce085a4d32d94ed12b0cf9c31c5ee5421d1179fef9a67c4f1eaaad0c1d0f594dfb50e4137f607f2dd33e58c3308

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

MD5 93ec75af180918d85cc03ab2ecf40583
SHA1 96a323d299443deb48730fc41941c3397eeec7b1
SHA256 6916984a788929c7026db003b47a3a49c6d7d64ff6d85b492a6efc48e8c959d0
SHA512 9e945df47bd3385b07e7325e1d5631af3fa944df36e711c00015fc72094f89520a35ff9690a465e93850319126a44972291143385bba4612fa51bb77a3630f55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 511ba03522e60e5e4bfe8daa863477a7
SHA1 8953b30d3c25ed4129673f276c40c532cff7862a
SHA256 bbc79c4e4554db8f4293f974933b1f8aa823c46bc05ac9306bab6ee58ee82b51
SHA512 15e6eedacfb4292c61fa30940d9dd51f4f9aa287ea3efc6c2cf79db1452b17354733f4afb3e6cf045baf31409d673d72d99c4fb351b32175e92782a68132049d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69d9769fb4526e32f42ad34cc9824588
SHA1 0edf051f95fa93adf6ccae03fe41fc762933d760
SHA256 4a29a76965fa770e3c8210018d1f5e0d1b16e303f42480b472106cd0ebca20fd
SHA512 8fdf23742c7ad13b55a8cc672bd65bf7c18e1d5b7b76760fb0adf7c7464163591196aa380e6f72547e0479cf060ac488193df0b5184620a3c7d594896cbad206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8632c18e45eadcc4abc9a44328f5ef07
SHA1 cf14e9860b6fad17ff8f383f1cd403d3f7625f6a
SHA256 3abaf10a29c3b43f364b8318a3a0effab6d5107bba3561c9b315a6c3d89df9ec
SHA512 5e5bb519260bd6d4a498fde8c198c526dd3ced16a6800d3dbffba2c61e42c26831541cda525dbd6e61e86b505610ec6a84deb8f60e176e7c3f599f8af1d516cc

C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{f9794daa-086b-489f-8501-0a1576470d87}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\idb\2363016543yCt7-%iCt7-%r6e3sap7o.sqlite

MD5 8731be500c01720df251671bf31a84eb
SHA1 c7c5c70f25ef171f9fdfdb0f355a923ec23e18fa
SHA256 041d5471a45cdeeb618725b588d62d6709eeb8f76982f6d89f812096225be800
SHA512 d59bb5b94c41a04e3b79be6922ea91e6eba87e0b58a3ace323a7814fdc1423d731fa732d13837ce04c7a80f775faf6423c9cbfef0587eb442ec940d6936cd437

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5776_422950792\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 b4792714efa9a9644fb3784163b6098b
SHA1 f79ac6f2bf5200b4222d62e6a2f732248e4b6892
SHA256 a4ce31f215fbc250650b043efd33a71a2d890d3e91c69b5f9c465161841bc682
SHA512 ed6ab9d2b7949aab96490fdf7a0d42c3baf1427d416477337cae4fc842df59a645c324ce6187c327560cf45181e106c65fb9e6a4285192627c466e0accb5e055

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 00fcbd3bba2806779b528d2f7344026a
SHA1 a114b68cee6a5da5b868f53470fa7ac5d2177bd9
SHA256 670424300fa1f1adc185c742bb483158c2364cecc3af0833b7edbbea964653fc
SHA512 ecd057cb4f78b7da184b485530fa5f71e2151e745fedb4c097ac4aee2365f34fcf5084f7a19cf0234aa19e09fc70d6474cd17f72f2245a457429e63b79e4db18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 86f0f7da410d4a41fc3044251efadaf2
SHA1 2d689d30f8e86a68001749ec46a8928952d1cbf7
SHA256 c7bb221d2bb70e17d02bbfdb773a2f8f1a4d3dfe137ecc2ad49b568cefcb309e
SHA512 6a6bc8de82a304e6943596c30bdadee1ac75b95a9b101e24f2ec80de34d00e8cbc3c70c6b5df762f151a0ffb1e1a546da390d895a5e5403a899648f1e4557728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 41ed7fca5eec88d3f832c64ec17e186e
SHA1 4183adad8e8c9103bd96a5d513e985728de0cbf2
SHA256 a1a653b471751cc3b3cd6965599c61915eeb8287b06c2c9f687337b3e1086eb8
SHA512 3293b9882e428d486b45f865b976125bdf11b963513cd653bad418b4446d6d735852ef257a0cbfe207767381b23f0bc0880c8a67936131832a547eff915f5e20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582a38.TMP

MD5 b276a2db74279dc88144fc8ffe984077
SHA1 9fc46aecd4cfff0ee15860ff624f3aed7e2b1bc4
SHA256 0541e023539f95abe02d3c2d8514fa59ef0d2a2aa3821bb887482fa87f7ad188
SHA512 9a36ce0f99f68105291f708722fce2104f4bf4d9a8d9dfb75d530dba566fb982df6f44a9b42ffa11968054b55ca899a6b67eb38bf50a6ed62831e125c23d7c0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 66bba0e6b14941d939d7e934979fa45c
SHA1 f042f7746691187a2524eb8bfb3ae138ec96cbdf
SHA256 aba9cf9c1f3b725c1ed3ee82b92257137c7e11e5573f887a91f4855fb2d4b4a0
SHA512 e00927a9565a86b2135749686d6c55b2f355e5cd40d86bfa55a833b91ac9568f22646427242701edf90174d30289fd9cf2aa1be2b38209acfb258467bf31b93b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 652595565e995c5e30f0deb53310eec7
SHA1 84fa30febc506ff0cea0dabcc6cf92d88424767c
SHA256 8be73d5d19a56aecbeb9a881c3460d5dd6ad1e7c46ef852a0faa16d6f443cb62
SHA512 38e3dd295ff0b7410ef1f3d7ec4954d525663f5b4b1bf3cf28970cb7d9c1d736c076ad9469046a2a7dee38053cc0e8d9b5ff15cf7ffcedf866b47e8299f51426

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\202\{3d60e7ac-e718-4312-8328-c6c39f5f8cca}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{f22a110f-0e8c-41e8-9592-cbb0b2b20c87}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{441b6d11-830e-4ecb-b84b-d070d6c4439f}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

MD5 3b835249d947d2bee3be0bdcc1088eca
SHA1 eaec95d01957a05512a9560510b3aecc06e20eaf
SHA256 13345259a4b04657ecd028cc85202a4a86eac6fd91a28f68b46db9aa4f7eab40
SHA512 7a680a128e864f73dcef3ce9d5daa336762549603e9a4234d241f7b62e1c190a4a9f30c723739ea7580c8ee7f73e212deadbfde553cd433040f62195e305a730

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\123\{b2adadae-b659-4d81-ab5e-9942e2df557b}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0f339dff4e5b2046266cc6a320b9af26
SHA1 0876670499e2a5e7a6af099cddb4575ac4997317
SHA256 4f3c064eace930bc0e62a8cd38fc7620062764d70f686ae2c5564df5ba2a58bf
SHA512 0172a8b4890e7b0d458d15de53d3ae61d80d08535df0a58e88965d596e274ea36a8159f6c781e4e0f6320f0c374c9bf86cad49deecd16db69f024caa2393e35f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CAN05Q48\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

MD5 1a37222bcbefab1558db91e11f0a4412
SHA1 63773fbe3ee0e835d0a50ca4138a1553e0d8f53e
SHA256 4a4ef30d56004a94948a95fcff2fc8b74945a226ff15ee8c51c79163b038b4b5
SHA512 4cc1cba28bba3283159d93f7254118dafe979cbec1703b65e33e548ea1f922b62602e7219f3d2b312d90f66a1953c5b4810395ab9262cf136eb68ea25dd12e7e

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 e13e4f30a155bba3e7d4a17daa490725
SHA1 1ea82db3eb75f53dbf7434f62647b73e75aa9910
SHA256 9a5bbd8e24c3789360e321e606e72c1ee75ff509d7ea307d3097b2b9d9fbb6ca
SHA512 e703943b829ef721b4b1fb12c52e268f51904be632954247d67e2055c600ac04713982388947a09db7f2e587e1877c098360b29ea1dfe75caf8fb98c5113c7a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 f5671d3a3a59b6e86515610475ac49a6
SHA1 37c879516905870059fdca44e33aef08eb33b19f
SHA256 b02a565d8fdb369feb7f9dc425cc0c951d8d5ba8136bda711325d477d5c05b72
SHA512 c56726e9f331864e685218d5aa03627fa09dc2664e7bea02454b27f19a0bdea4a05a149d6978677127e44687c7a7fb4cdbbeeb47ed178ff90ce9f4db8bec69f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ccce5d91334129ce689134f2e13bc07d
SHA1 e53f600b82a6b1f95789b3e63c4f5945ea60ba39
SHA256 664ed124a28b8885fecaa4edfef2e5ef22b9ed7a61623a36fb37659a7de9259f
SHA512 81edc61a4291feb265c931024a99c7025e263df878d0d2000441062311d073dad473883b029467306cb6c4c76953ac4206d21182519633664a771ef5561747e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ce2e039bbcfa763968de3b35efbd93da
SHA1 85d940beff53944bc1cd92186eabe5f88dc54ad4
SHA256 8f14f3eb1a245cc0ff6c13e7053f01a54be9fca6dd1dbc0493c68422c739870a
SHA512 ef276e34e21513d88e8ffa1a0b068c08c72c3de2e697a5b594b66044342862d42b8927fec30976c25041751d9b63618048a286aa0a0d9d45dacbc9e59d16fd39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0e4000ba6f2f9e5eda72ea17b280084c
SHA1 47c82ee89f69dea959a4ac970a22c35884569ef4
SHA256 cf1d40f98464e7d44a0a5e99cb064dfa1ddddbf249f3b9b7fed3106416eb50ba
SHA512 d560392fbb7e06fadf6199d086944095d3feb62f2f72661b4adcdaecb8d89dc0b746e07b7192aca851d7e10b935f088c10c83df331d0e735b458b7a60dd9efe9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b745.TMP

MD5 84e6ab811914d63bc700f0d6d038a0ec
SHA1 0702fbe21cf3f16de9334644f8633ba9d6d50ce4
SHA256 b2ec59d7ebb5f0089a7b4d1195c49d6dfc621b2297cd5d39ddb1a1b8510b5855
SHA512 51e1d72e21b9102d0718a60e962fef6e27b406baac107240fc2a629f565eef99b20c7bc7826f83bb0cbe5d7138f29b42b1c90106b9e9e5cc78fbf6f50baadee4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8abedcab38d4c4127a0de1ba14ca0189
SHA1 341e691028ff0817220c2a05c7ca59f29172f9dd
SHA256 4c0d3b8a6e1fee9e610885a39455211b0994bdaee4c8ecc532442ce8a53f2d90
SHA512 d8691c82a3b618803499a922c336f693ff1dcea8e3392a78546bfdcf53499b1bef41dfd5c681be893049c30bda2fef71597e055f0c9eab0f92e716e76cd4ee7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2085144a568ac1cda0cdf6e6ae02bc66
SHA1 6038b347c49e712871c53e6ae4f01f6495292a9c
SHA256 9550b3ce008c0b0d9f8be0c5b55eff412b06f4ea1e11e74c2efc1597cbb08429
SHA512 209f8c345de113a2ed428c96b34a075dff0f481eeefd4621c194d0a82049a933736f3701356c2ee0f4578a480665e5d4fc2fc85487b5d941d1157cfcb7e3bdb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c45adc6c-be63-4f01-aa44-778699debc70.tmp

MD5 8a386d38a835047d36a8ab2002feebe0
SHA1 e54291471e85b34208627d77aa91c49a9dacf7da
SHA256 9faea1560dec1f2940eb4b69afc9a10267de36a27847a7b656c613838447fab2
SHA512 cc6667b73de38b05490c2b9ed9117e1e0fd2ae4f295f5ef7a0c51c1c59cecd5c8f60f2a6b53cbbbe0dea1c54909909775eccb0aae4c6b5f3809395f176b5b1b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 03af0449891d5206951fe3367e7285f0
SHA1 26bd1cfb4746bda17c0e8fd30a98e5d97f5df2a0
SHA256 e5854bfd4a81246dfe8c6accbd181ea5b68f099c4730efbaf75f837787660561
SHA512 eeb98a68a4f951e3c6c370de29d8ff4f423db2ca3c70610d25504d1b79b78d13c7ce9e68d5b29861f955373d16974b0e2fd7eeed3c8e84c8f889f1d339876177

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c33788cf595ad26e717177114fa50a9f
SHA1 9bb2eb3a8e85c831bf77c9cf0f58b1452fd87e34
SHA256 ad2333fbbf713912e2ccc834041c3419f93c06a55ed1600a839544170c852c89
SHA512 e6b0662d7e797afa288925f014b32b9e06efdb45317e662a58f602da67640d798e732e180ad9472a8e15ef3ee4a3365d83ca6c0bd6aea120bb1396ae77b8dc63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 410fecc394b9cbc1250576e74a7c7084
SHA1 3f8f626e3a9116138686fd216865f8e1d4d3fab9
SHA256 cb2a00057b01fde3fce41f0efeb5c268e1fce2a6297acae45d723c8caee3f3e7
SHA512 c292b2d44bd2aa19544cb4d04e1395f29567abb8d06d40aaba0d8a159f307b09488be2d5a5d1c595f79889732fc9d20040927f98325a29ef78f02ca88fe5a22a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 59ca855d3d0a75399c900c5da7b8e756
SHA1 40fe546bc98a50a823ad26db996e1a4e28ba4716
SHA256 5e4694d294bcc74744168f6857067558ee2fb999ef5e601265d13c6a4135a849
SHA512 f6fb441f9b0737f240fee2402ae36af1f57f0e05e4f7f60da7f013882d7ed603fe57cb7eacfaaf73ceff41cb927e15d0c4b3ecdc60679be3c9fc9e4e4b3e3bc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f0f135bc5be43fa276cf1539d14477e7
SHA1 bd7213909eff10a7df6bc6b1d99ac4c250a5ebb3
SHA256 5c86c5a17db8815d1d0f26e297cca64505e4350259ea33eca3bb1216bef7f88c
SHA512 d672e4b687f3d102abe7ad2163593f531e58556a6e21a539af0ce5274391cf4e56b1922655c93f45dfd64f7d7dd67ba54408ae157ec04adcbc8af34aa751c2dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c191462dd9ec3f69fc41f34edf248783
SHA1 0268c29c1911fa1451b9f00c31c7ff4b66f3ed34
SHA256 d9d5776c34c069eb1c4bed07501f85158ce94f8bd66aa32ff8be188cef46680d
SHA512 96a483ecf0bd5d7571611cc04781339c5da2ddcf434fd6b42d46613ea3c3068c660c8f3dd2bd44c584c74883200be2551f29c10898a7734111ebb106a60c43e8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 018c18d75f70761964b84b812480f528
SHA1 b1247834e8a67605afebd196a75fe4ed4a248adc
SHA256 eab5eba74972fb17d7ec5a939cdd808b7eb31f60b0fa90fad628f03e695d7b0f
SHA512 a888efcd71de250b6e0799dfe691f486b4d87dad456588d9532ab1cf26ca435eb3146404611a367300edb62d66d693e32836681d815a653a1c897795173e1809