Malware Analysis Report

2024-11-16 15:53

Sample ID 240209-fgm3lshf37
Target f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5
SHA256 f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5

Threat Level: Known bad

The file f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-09 04:50

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-09 04:50

Reported

2024-02-09 04:55

Platform

win7-20231215-en

Max time kernel

75s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB1285C1-C706-11EE-A3D4-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2236 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2236 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2236 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1224 wrote to memory of 2780 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2828 wrote to memory of 2792 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2108 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2028 wrote to memory of 2848 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2236 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2236 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2236 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1316 wrote to memory of 1344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2236 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2968 wrote to memory of 2400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1236 wrote to memory of 2508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef6619778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6619758,0x7fef6619768,0x7fef6619778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6619758,0x7fef6619768,0x7fef6619778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.0.76179066\817695158" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fdce3d5-2754-4ab8-839c-9b00431a8df4} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 1304 13204758 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1316,i,16123222017937129405,6653806074104275544,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1316,i,16123222017937129405,6653806074104275544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2512 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.1.938197370\1096281190" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04067e4-6858-402a-9477-a8fb437a913d} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 1532 f4ee858 socket

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1292,i,1558694756616745322,3137131072411571557,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1292,i,1558694756616745322,3137131072411571557,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2888 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.2.1749485110\350669158" -childID 1 -isForBrowser -prefsHandle 2004 -prefMapHandle 1980 -prefsLen 21713 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bb4ff7-db03-4a30-b699-bd3206e592c3} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 2136 1a1fb158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3588 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1316 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.3.177327809\1017813724" -childID 2 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {977a2f71-dde1-4f88-8750-781facadfd48} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 2860 d62858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.6.1427769220\556402930" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ec57b9-04a9-4812-94c3-34016bb3b2ec} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3908 1fb5cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.5.1326626528\1220012990" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebc14ea8-86cf-4703-80dc-c0778affa1dc} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3744 1fb5dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.4.1075274949\1899791392" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7b5bf71-4e37-4a74-a048-757c5a07a055} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3648 1fb5bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.7.11759964\1355763390" -childID 6 -isForBrowser -prefsHandle 4112 -prefMapHandle 4116 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cf1338f-7d1c-4aca-ba76-4244e1fd2385} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3920 204a9f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.9.1338939841\697658211" -childID 8 -isForBrowser -prefsHandle 4380 -prefMapHandle 4384 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba407a8-c078-4f0b-ae52-d6489233eb01} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 4372 20d6a758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.8.2777846\1050878454" -childID 7 -isForBrowser -prefsHandle 3840 -prefMapHandle 3760 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fdb6e80-2e51-4f53-8af9-69106309ce87} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3952 20d69858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.10.893828261\1457710093" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 3020 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19cbddcb-3df2-4956-bdab-863ceb155921} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 2820 d71658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.11.1682989779\822313418" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4796 -prefMapHandle 4820 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff142d4-f041-43c9-8cd3-f16ca9b8316d} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 4824 1f59a958 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.12.1195882070\2017277578" -childID 9 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 664 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fe22922-6e13-4563-a503-19749ddf6e26} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 5068 1bdd0e58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x234

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1376,i,17970319499184190289,15766355188002647342,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 4fe528b43e2d27f36bc50ded690f5b2e
SHA1 59155bb5c6c577fb2f27b13a95cb20b9ffcaab99
SHA256 7e53950ab4514aa82fcb32737106f0d865a12ac1dc39fd5fcd721df9652d76cc
SHA512 ab5ad6db3f1c91ee584cfb65aada4528076702baa79a6d88290240d5e46849fc847097be869d26ea71e5a5ae452eb757c0dd9ad74f44388557b050e9ba165a16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F3C4B5C13BE4A7A2C97DB5BE56C6EABB

MD5 a8a7b2db2eb97837a2a9783c21ecb514
SHA1 0f075dad3800cd9c4ddef94aefe5ff397a994a41
SHA256 1c5b857e05b7db440d570b46d98ff94a0bc476449a569b59fd6d17f1a1625bf1
SHA512 6349bd8202f153a1b7f7abab15f4974aec7727f54e29bbe19600a8b0a8210d6e4bda584b1c8961f08de3b09435473c3b9f4e972990c28f74e963b6787963671b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 401b26033d643e6a82d094df6b449c0a
SHA1 ccd9defb2ba41a5d88bd6271089480758c84d3f9
SHA256 93766c5aeec337f8a8c910974a7c6a3ad39bb7bdee7eb6c40d840968037cd9bc
SHA512 39857c58109e7846f0798b1dfeeedd229805226aaf736b3ce1ff4c85e6f51e96871de5dd30a0a0ef4487a48975e10ea1420e8fa19eff61a1e32abf65f3046ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 cfa66c2d975908cb9005e7281f91aad6
SHA1 6cbad741e833c6590db1a45d33e961000b24cd03
SHA256 7f799265a6515431dfce0bce0917e03825b2519cc9f0acaaf38543f44233369f
SHA512 99e27c2d74dcff27e99630dcd7a3ad4c7a01dfca58a405c3e2a73221318534d4dd2fd0ac0b0923069e8e8c398fd1b80a984a327d9bba9d8152701d23e13c6152

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 d72df57b68ff95b50d5149642aa28115
SHA1 88aa84904ff8bb6bdb8a3f876203bd8c47a6ad8e
SHA256 f834bd9693074cdd441774ce8a7d849f81ab42b432667e2e7ae8af4b4b85017e
SHA512 3215ca4ad6845b6f6899e8f43ec3d809fcdcfc6b7b739e444c8c529684613424895546087e37c2232032466b8b8953505aaab0765912f51c13b1bd357e55e566

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 1eeb46d7378b08473f6c5c1a9701fa2f
SHA1 f61424645c5324df9e352c9f39655fb81ece4ed7
SHA256 8167bdbfe66ef9da5c44191efdf78ac9217e8811c970253d6d0197fcd91626e2
SHA512 24ea1170bc926248c871fd4bd6ce81b9f9419e7d111ed21135a91a22cf70dc814df32e0cc45497ac1d55ac9d217e5dd86c9cb2fff75abcf3af5aee63511fc592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 938a95656787a7e9e13d9a1f80026b16
SHA1 8e3048c8eee25038f4d4709bfb0eb619e03d6c9e
SHA256 31dd45656c275727b0a761d0f2dfb7374a276885e66409b5a8295c1ced1a5973
SHA512 4b6a1964b39c50d44297b092889a595fafacb73acb69f0f34bb3d200a4efef68e215d3f0ea789cf3309497a8da3cc664e07c99058f044408388f0495639f332d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\d9bb0f2f-8a33-437a-a5a9-79f90dadf459

MD5 c61d4b55ea212013adcdb11537686db3
SHA1 03b7a936666b1c78fec6878062ea98bc742604d9
SHA256 c48279aece93dd34f44543c06af8d5138e9acd001c24a8b352792fa557e3de4d
SHA512 ee4cbb7fcc0d30b23586acdaaaa14676aef519b39ddf3dc786034cb992ddd2fc564398ef83c14941b3fdf6e04068f6ade17eac31368fe8b1ad8771ed7eec0046

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\6e63821d-0fc5-4edd-9448-c9283cfb6e97

MD5 6f2b503b165bb367eccac9f30042dcab
SHA1 394b0f8a29fb7ccb8224bdf62e08526d8649f66a
SHA256 20579aa3142847d64251478ed2b0f3c402df4e8b1dc9a7d7bc9a78c1417e3d49
SHA512 7b28170f9a1ed38d241a88898c8a47add3955d06f9d9b086da9a354fb19cb120d11a21cd5e92cd6f4ea4589582071776b66f6d4d3c958efa745d3b7f4e69937d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 23f889cce7925c357bdc590714a6411c
SHA1 72d591e9ded9fcd80cb634ee9efe94b3a0e9f337
SHA256 54205d33616383e2c7ff935a8f4998d57b0dea70ac6e83cc3f363e59aceee3e3
SHA512 431e201e1299495d405b14415b2627e15ceef614b350d14eb70aae8c7d82e4439b3cc3d2a38a71b01c4f486c12418947b72916b1177a97c309700e132404ed72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 fa6e7d96c9297a3de7c1a648aa040afd
SHA1 00929a74f8038dbc3cc930a118b9f8fb6675685b
SHA256 ad58732bf5a0b1ae3d6480ead421978dff9bb949d3fbb7548b4b40c3e2c28b0e
SHA512 c29da769384b3518f13879de4b8ddb3d690b15f39a729f1982b79b3c1e91fd4b4df65556bc32faba5f1f1b0990d7900d2b1c8881262b613ea6c8262ad39937e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 cca1562342c2d9c4e50c74d7f8cfe6ec
SHA1 9d6691f1903152ec4b09f5cc5765c3e75d4bc090
SHA256 9080f48edee14b8e1bb41311ac91cc9564345e061190b8816e67b8f6fe50cd3a
SHA512 8cfc475f42d14f1fc4d7ab269c316e91805231a1b060d259d749dde85e3f5904cb3aabbfb1d9a1349020b7394a632ceccd75b3d48b98f395a45ce1ea06a9da53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 252f7478296c7dd7f1bc9a3e565bcbee
SHA1 5337a298c6c4c40c953eaae280d41d7e27a5e90a
SHA256 ef4c81598c062863d4fb0651f04365affb0ecd95b3072173391036234010718a
SHA512 2a4d23e8ee3c93cc13dd9a1d28752c1f8472878e4188071870600836ce82367e51db9844a066b0d60eec08127f8032dfcefe4759a218310df34f721585e71407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7695d9.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b4375fd69f6939aa1a40051762d6fc1a
SHA1 9dad86623d8213c0e68f9b9eea189f2d8479beea
SHA256 7e6b8fc03d73466f9148d3d681af4acd7148478abd9ab81b7937a6dc45b8ae3c
SHA512 3c99d749f9133b1581812edd509698690be49770f8333576bf4ac88eaaae91e47990da692a269a00fdbc2b66224d9b5ba5a2ad306731826c48dae15966b14533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9bf56603562fabe89e46c088212a81cb
SHA1 5fa8d1e94f85e31ea4424e661fdef916deb6d52c
SHA256 92b2236a818bcd480b6866230ff6e770ac7d6c72a3653e05ebc0d29b926fffb4
SHA512 0c9b4f0d2ab6819e296cf7660b2a253e3596821329534f0bdf2f9eb6c913d716b3c1910d14d9a5b153f902283ff303a9415587208809c59d39952028f4d8cf79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\92\{10f85955-0cbf-44ea-98c9-538350d6db5c}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\1178519577yCt7-%iCt7-%rae7s9pco.sqlite

MD5 c1b6cf601a0ae4c4998f4bedc4eeb4b4
SHA1 5f2a09a749e4f10c0ad6a01ae61e27b323961264
SHA256 abc8fc01f5aa0d1216ac27936ed49b4d77cea719fbc83ab7445575775383821e
SHA512 942e609305c7d3e02c3844f51f28b44884c973df17c7d9246264809039c6d97b061c71c71ff15b6cd81180e2ebf45582ce3974c04ce5e5dff37d53e881bba88f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 63bd5bd0263fbf67bb87d67993c74217
SHA1 386da2ca79725f37c64a92aeb53a3ab4090ce88b
SHA256 9d287735e87fd9c62e87d405c59dad9ce9905051aa7c6e51530abbfca07e0284
SHA512 168a5fedfea2c7ae541d918ea74ca4e1cd7628d5e8776f7cde088f446ec687791851114c8fad40ad6f7ff2d5c75dabb5f41773c9e961fcc554457ad2c9224d11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 a8e572406e566cf566e23b88957997cd
SHA1 61132fcc95d4f2e9e79d941a83f76800c7652885
SHA256 ca4e75ae03565ca5553cbf9b2aee5fc2257c9d00fbd1b2bdd9e94d4055d55f1a
SHA512 6144fde3b6e97bf03c8de10014bc16059ec9b5f4a0c3b4e49fb18b2323732475a8b7e90f5f3c3a10da3e0e0616013db421205a59a75293f67a2e0b065a0b7180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1c3959ceef24a88ed184902efee495f
SHA1 9ae9073d5a789a82f2d06158a8bea3d04b01a61f
SHA256 d7dcab4f5539ba2990289b5b2a08298b062019b95934814720699bf0ea3c6b10
SHA512 04c11208244e257036572655c66552930241cd522587e8587d645e475dd1653b63fc9746f9f53055039a0ea8a71f033b4f0f491c0a9b504a1b194614e04acc16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 53daa1a431878510817b6c8c842aeeca
SHA1 a0409d88ea1cbeb3f80f47d2a0263fc4ab9cb1d4
SHA256 98c9311376335c9370f2ce22326dc688230339cd29227475a2ee4079fe5c9ad9
SHA512 4a4af1592b1b800a0387456065e0796b7e37a34f4d65863ffb2691b0be96f5ad5b57772257c0bc5ac1d737c56202848e4d8452321e5cbaf4cb193a24461c9127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b8bbfeda7f97078821c0623a75a59dfd
SHA1 2e74addc7ba43ee58a9e2c12ca76401096d8a569
SHA256 47cd2695f3705127fd37eecbfdb4994e328fa04937adb53624848855048eb381
SHA512 76ac4388abffe5c64f1d5b4e1f71c4c88df2ff8c61027056935959c41cfe97899cfa374884a718a64f7e52db82822f32d553ed0d7864d45cee4afe140665d084

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\233\{0d0ba6fd-79d4-44c9-b965-af19018fb2e9}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\195\{409a0f95-7803-4755-a066-784851cb32c3}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{6e28034c-ff79-42ec-8199-0d9348d11096}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fd87157b-c006-4244-9852-c99bea1f2fbc.tmp

MD5 f799923890ed8a43f83ef282dca62c1b
SHA1 532ddaee064cd55dae32a6faaf63c1845677ef6f
SHA256 8683ec474151fba363c33f7d2a0d55fdc9be81a0c412c9ac6e4af1e14ed89aa1
SHA512 956056de0992e23c89709592e9b4de003f34d80650a64393a18dadec2aa92d7dc1d46a11ce1ec5a0f50de5a6ab6bf6763a65cdc5490d41ef89053ae36950bab5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2e891ca5128d994c8cc006718307fbd
SHA1 e8c1e59f433858d192e525bec68c8f7b9e7eae5a
SHA256 262de852ccaf389b95f6d1469e14b02d313808dc7f7ed7c5d32a0077e8f105f1
SHA512 d755c651fa05f214e5ed32ec59778c6f4c541007c48bc8e1e825a46af8001080be5b283b6821e8660cdd1ae14827127c088440c785c4509fa217e2573a5d5348

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b9aec3a08d279e299a38c899007078af
SHA1 3743639b2ade8ea941caee730c4c2e7bde26ec37
SHA256 67b92848de8c828f2fa799acdf682c35617d6a2367b6bc58af200ace1c37f1b3
SHA512 f445b31f14722f90bc16a7ac46ba01a1daedb7d2f35faa6a1b413181acea75c14cb70dad1ab1b33a2dcaa495e387d612925d9d7c4d68156e61c0034b01099f19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13edb9ce643eda89f5591776d9e88566
SHA1 09a1d75f6b3cfc0d3f20ea5fa23fc7ee6c04021b
SHA256 34ca9da6b244e893852abde48f7a906b36c7165b83acfc131d8d95ff5f1fb820
SHA512 91c253d425888abd754e0d9c4140477e46e9720140448a24df13a07bb949c0e690fd66ac80bd4398299962a88bb4fcff974ed904447c0cbfdf4a2cbab7cb1d7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e925d2644b70a7480023b749d0b6cfe
SHA1 60111f892c7ccb35d73e61fc261edeca16075a42
SHA256 b1d4253b014a45f8431a9ce75ed72f93f5d43ccd1f95f0db44b93eb056ae8d6c
SHA512 2a6346d73553e512af94c86904f728f747ab6ede4518d8bd6cebdc91eadb0f4a1f7d4e2243fa88430011731d30386ea6b2412b7dffff454fab8f6ced75fdcda9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fe3f9f7e2bb2670fa1e8ed94209fa20
SHA1 f156bfe9fd91d50fc299c383b908beddfb6ec19b
SHA256 5b662786e17c5f4c602504c1ce06676de77f0263ac15593ece9959eb00d4a35b
SHA512 7eeb28cbf48c1afad718e185a59260167bf1d63fc7392c2d56f6e3dee10ec07c187b48842a1e72bf33ecfcd06c65a770e50dabc0af08d7660d83a0a52b15309f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f300040bc62f66b88f668517e782917b
SHA1 357e2851e3c7541ee98c18ae356beb7df13a1b46
SHA256 5d18062fcc218d9ec743c62a0a3d347aeb6db66feee4fdbe7dded641322a95f3
SHA512 6479e95ae9f5c0a241adbb0700b87f49d167f99d7495776fc274de5614619cfa2cc31ae31e7c3843445243b1a834297964ccb2346ff695aecf647bd2ff5b3bc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39619ccbbba6c831d65cc7d7d680f2eb
SHA1 de97f8a43019d3bfb18de5fe92a9f915fa003727
SHA256 f9aabd5ebc15f46284a2bf35c6f36677b07d3bd152a5d05ed6e9afd00c4ab6be
SHA512 d092015929caa031cd67b2dc7af47e733e927bec503c11981b50bcbc42f8892380c405432704230bfe5b2ce0ec7e2caf63d3d9bbe808ea2c3562d5a984bb53c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b6a82d3e254f3b6576bdeaa9fe81a84
SHA1 107bfd52c5368ead2fa0d1d48845b7797e7e730e
SHA256 8605bb9259806a9e260b7047f855b38bf860bf3254d7d31bb05bcebba37218f1
SHA512 181d2d679b3de86770c100511d04d638542ba82c4efde383678c35016925f9da2465a98241ed6ad5449b6af0a08199b84658b683e5b6a9bf2e3efa1010d9ce27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bd03a39fb40d09ab2e065e068de0b7e1
SHA1 602e545ef38b698acd186746dfa8380b90a15ee3
SHA256 1917cf44f9262cd4a4efb594402d76f6360d86ab3899763caa447bca95920336
SHA512 7a1cd26d7bbca1466360f4c2a9dbfc450bd6ae8837a92c90653ee42235765b198facfda968a5bccb67c8bc29a8c0ccccc95d5d061f4ae0515828257fe3c5efd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29c6ce31f6f57cea5f8c7cff761aae97
SHA1 678ce86038c5e53113883945b13645b3b13bfd13
SHA256 1ff30652ddb3ad767b733bf5daf008ce028fd2407f16fc108bee8d50ff0eb2c4
SHA512 1ffc85b574ffea2f090232b66a34ed7003fe9832c3f1fe4f34a48ed28eba7c96fed87b70ea568927f8732e516a96a2e34d77867ab931a32c27247b4eb5baef9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 231a3932235d83d459c14f177a44a7dd
SHA1 431823e8785d5acfb5cb5eb369be03d001b8dbef
SHA256 721554174ad2cc372404bc4bab5e33d11681a960bbd9eb5401174f683e07ff61
SHA512 49d7bcd02d2f0b0d54ce5a7eaefc069101801ebf31b43568926385b1e0a5fd525e3de8e9919e70edeb79117c34c2c31ca55ce77fd1593009a2b0ecea5cdb2285

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b309bddcf242ac07392d39acc6a1955
SHA1 bccade6f5d9b632f30d4e312b5f86c0d5bf3b6b9
SHA256 072675ba54a604ac2f241e463424f1d4d4eb3351e39d48470941c08af9b7f436
SHA512 cceec0574ffe144decfef9bb424312a78c3aed7297eeae74ed60c9020da178aa825d1be341f74d6f88241cea2087abcf1d9c96270b71a206d3fdf2316c45d6c0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 94b52469f4dda7b7d9a3edbd7e14c6cd
SHA1 d3e64a12bf1f0970e025e6fa6c8c362f87003455
SHA256 93433317a034c2d3f60d4e1fa192a605bd6f35d830b5cb677013d5e148d38c64
SHA512 43dfc79dad1d1558f5786e0a55077fe4fcb20bafcf3236d50a168e68e6fd6017e00532435bc530c94287f01e24d16947e3a501f22c52a3516a05cf97b7d5f64e

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 1cf986454a00bfa69b61b147ce73d046
SHA1 37a75aa9bdc88e6ebff01087ddc2a91ccffffa62
SHA256 14c1a5a1adcb161966dd747f45906ce3f3bebbb20de148a1f416a426cd7172e2
SHA512 e56d8938de8ce1ea4fda1575c3097b7177971edadccea345377fe7ee58d955505f207324930eaef988922506699dc4a4ca6f33cfa89540b842d4c862463654f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 64a52144f9510b1e08a058166e82afe7
SHA1 4a39fd2b7a1e8ddc73dc9c18f11128cb271239e4
SHA256 b968f4a4231c678ace8ede06e6b40878440c68134fc84a510d30431b40f553c8
SHA512 10b257a5c0ded474ff8c674fc5992ec53bbecc330543b3fb837837f846866ac3448fe830dfce26f561c807681331af2d6509d3d83ef076644f11e4ba5081740f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8c36bf6d46858791691536f6fde91afd
SHA1 1cbf1e86fbbc5ed1dfb70171f55559ff52a393a4
SHA256 20c12dc6ae2a48ac6f9d1879c28d6fc335eedcc90f768919b10b6daf92afe06f
SHA512 6ee00b29e4f9f881eb96e6eae7fc391bc9e148fe89524b01b59a2c3f025457dfd7a313546c93af8f2dec2b02f9419432e528aa1eec4bd39d1b8f7453c8d3c8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a638d6f0049901a6bb7dbabd53ffa01f
SHA1 7e62c68dc1d7c7e3524c602900d9a186d609fbb5
SHA256 687358747cf8e45c040392ee6c920dab07a5756e0c14fa0f4136b59b289fdaef
SHA512 64c4798c0592c6df15f25c0a0d42c96477f3ebba6bb792221d42aa2b49cf63d408b9cd28fdac98164ab8e2e56abd066de2d86004584acba0eadace94b8d43bc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2f3dde3afe73cc3f2aa70cc5f6351e1b
SHA1 308e3eaa0b1ae8cd1f4edd82e87acb214067ff53
SHA256 10a5bb7a597b6c64b668fd566ccec060f63868efdcf1c22acb8a3f2596ccef38
SHA512 18da67fc1e348e08f3f54319b1f3796128104b2291961d7d3840066600203891756e0e5561f6ece8c5e2be2096053973e07b89e862aef14af1c5080c7a66a222

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c177c401dedd830949052b4dd017d727
SHA1 20bd173b0a865e6776daedde1c7ee093fee54ac0
SHA256 4095dc64190e3418dc0bfa690d9cbf244ad713b6b71dcd72234e714ac8d41c2d
SHA512 3c8566eb6b9f74417ce78d793271ffdd89da26d353ad6e945c2eb8483989723354264530021f354527d3ab4891c6e63f0f01ef932b78c0c9ec38e7fb9f845885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 325d4ecee2a8d8ef379a25a6fda4dac9
SHA1 b64ed2f32c22750e960a12d6580f83f5de274f24
SHA256 9ffe1aec2a2c0fc37694b16e0f5bddb9da5c12aa2e62a59045da96470802cc41
SHA512 aaffe44b94a1981c51c447336d0912bcf19f416881f12e2fd18ad9a88a798d6f17c3a1893969789f29f2ec66d299c146b0a8731644a3bf6ac1d6a34dfd8bc4b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d27f1249e0827b4f11a27be7f09b356a
SHA1 1bce3e9bd96a2ac3d533a568c0bd09422b6f847f
SHA256 45d7b8e090aedbb0d0ffa684af362e7e354c88d9f3d1c17c70d12b04091d4db4
SHA512 29d3deeb9298fb651cceb8ffe7ecd7e79efd75f0925d725612e6e4c4db4d8efcc1b4fa1b2d81c7f0803f16840d26a5b351b5249de5d6ea0704fa5db8cb7ecff5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6d7f86a746536fb99fd73f355a2f9ad
SHA1 3b85c743f6627293ea15f6e37346f438104c9005
SHA256 5b27251d2e586bf2483b2d4b0511cf117078597b6c76d2c6007a443a2c0de941
SHA512 91f15a86a7e0277c0689651ce01be4c17c27539c5ffb331f7f3ccc853fa7fe8d81dd3f28d298e6600a2a8ea4b8015544c35639a62b1d9823ed35bc349bf6cd6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5f603dd616c26a8fc0fde5aaec2402a6
SHA1 30370387c19cdd68580a2242548acc3d7b0ec461
SHA256 6268445dfc4de5a58acef57554867bf50a993dc0b3d84e11e2520d8bc7c00254
SHA512 bc1be762c5f5b09324b783524cffd07fa786cf5c352028d44a527bb7fe4890ac1be0953dbdc447682ac468e132eb1370d02db66d4f6db8d3e403fb2330d49e39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0745113f6a3d6941cded7e58ae387913
SHA1 97c46f9f02c05944aad40ab99e08235c0433a269
SHA256 64160263c6d3f868b55f3654843671003d3a09c3cad7279b1af8c231529a22ba
SHA512 091689fff41c21c77ee76d5af7f54b362fe7e34cf6f481723e2272b5e595af81aa06e994c064aac1ac09216ea11dc6a6ce708b4f4ddd26e1517561fb85e10910

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 de0fd9424fbb1c6749c9c2ec141144a4
SHA1 3b2a6d7a1191d03f9277de196a4d17769e1d42f4
SHA256 83053f840d329464b3d821dc21381d69a085b8322dcc5acec8ef08ceca13be1b
SHA512 919317f32a30e37fe32c39d2eed4f62020e92f9a3eedc44dbe4bb789e0515508d144d804c5d3076ccc3aebec7a50390071f98afa62a786da524f464ed4ab38e9

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-09 04:50

Reported

2024-02-09 04:55

Platform

win10-20231220-en

Max time kernel

299s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519280599035697" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "413616327" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7eaffd90135bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = b09482a7135bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 4020 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2860 wrote to memory of 4836 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2860 wrote to memory of 3172 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2860 wrote to memory of 5340 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 320 wrote to memory of 5556 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 320 wrote to memory of 5620 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5556 wrote to memory of 5628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 320 wrote to memory of 5640 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5620 wrote to memory of 5652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 320 wrote to memory of 5692 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5640 wrote to memory of 5660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 320 wrote to memory of 5780 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5692 wrote to memory of 5796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 320 wrote to memory of 5828 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5828 wrote to memory of 5844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffea819758,0x7fffea819768,0x7fffea819778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7fffea819758,0x7fffea819768,0x7fffea819778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffea819758,0x7fffea819768,0x7fffea819778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.0.620620013\1252814867" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b32b9ca-9c98-41f0-9c47-aa87bcc275ff} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 1800 1be1a208a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.1.465573159\767075537" -parentBuildID 20221007134813 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daab6995-b738-4d76-b5e1-d8c10b7305be} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 2208 1be06ce6258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.2.1170208289\2049847285" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2780 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00d663a-ea38-4674-b76e-deb7cab7b54c} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 2864 1be1d309158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.3.1725969020\1156756903" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a10ba27-2ef3-4746-94c5-884b5459cb4d} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 3492 1be1e475e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1832,i,1294236745982527990,14743082470761724075,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1832,i,1294236745982527990,14743082470761724075,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3688 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1764,i,15997208557022079855,16806918999494705102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1764,i,15997208557022079855,16806918999494705102,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3872 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4692 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.4.1085107334\1495740443" -childID 3 -isForBrowser -prefsHandle 4664 -prefMapHandle 4652 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7143ef-540e-4974-a6c3-e339b4f75aab} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 3968 1be06c68158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.5.1464517784\1429705502" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4680 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edf0c118-73f4-42ec-b184-c226b2e78219} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 4800 1be1f449b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.8.1412197772\1676853536" -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d56bc1-2de8-4935-a5f8-35fec01f6af4} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 5664 1be1c133858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.7.1604349396\747342491" -childID 6 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {549af11a-1dc2-4f27-b707-405616877cf9} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 5576 1be1badf058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.6.1103368762\1794585046" -childID 5 -isForBrowser -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4c0376-382f-47e6-843a-d30fb149f92f} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 5348 1be1badd858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.9.1737487743\1744839295" -parentBuildID 20221007134813 -prefsHandle 5772 -prefMapHandle 5868 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {501151a3-6df1-49cb-94f3-46b0595b7dde} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 5656 1be1f1e1058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.10.692987053\402426215" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6004 -prefMapHandle 6000 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c26cb911-fe28-4fc7-85b3-f19c3ee96e8f} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 6104 1be1f1dfb58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5780.11.1067845742\1137250756" -childID 8 -isForBrowser -prefsHandle 4396 -prefMapHandle 6264 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ec38e3-cf27-4098-a3cd-636f2a2cc222} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" 5564 1be1fcdd358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=812 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5708 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=2004,i,17417944988304926740,8180047738141213514,131072 /prefetch:8

Network


Files

memory/532-0-0x0000018CC9220000-0x0000018CC9230000-memory.dmp

memory/532-16-0x0000018CC9800000-0x0000018CC9810000-memory.dmp

memory/532-35-0x0000018CC96E0000-0x0000018CC96E2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 304648c0f673ccc0e3e2b12fcbc478b3
SHA1 6f5adfcac858e94a5813087822a613d4061224bb
SHA256 240ec25431f8f76bcea0ce57d83fd91a265a75f38c37489e249602f6bca69a62
SHA512 a4ec9b30f995f9fa54f57a6d020882dbd9105db1460e194ad7ca3fc8ec3f33625af6842585d62148cfd0e1553e1d41677dc87d3a6737d99a8d1292f1917c2a21

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 df86ae17364e0ab9851dcccdab77efb4
SHA1 cced832ca8357536c356eef9d1767970033a0528
SHA256 4edae5075e6f7a545ff929e88ff18cd9e1903fa6fa523d4c30bbe25ec83ebbed
SHA512 09977277f3052c8866e9db4cf5f256de02601dc359ef1a07efe2b488d74d8e07f4132c6c4757488f32e82b4f20cf429353dff7a5357c25c3a1b1b4a2a437a84f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BY94CTW2.cookie

MD5 9c49a7bfaf437915ddd50d278f199b90
SHA1 8bf7b287efde89686ca308df7ea339a4afd67801
SHA256 51a8b394e71b7d2dc37a62597f2f63149521407aa258ad33bd7a1d7b2022b183
SHA512 992c97cb668f62a88f811b55b33cb961412fbc74076b61326901960c938cf715a2c4167b144860d2f47f68b569441ccf2881b3eed2d9b6dd137543b2902003bb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0N5PJLWS.cookie

MD5 cf3a363e45201eab83b6c05a40fd2c77
SHA1 2af0edb2eb6583a1bb6ba2cfa5359f406d126f92
SHA256 4392bf4e400e1a2341bf170b52087602c6a1f01871834f05513ebbba1898b0a8
SHA512 46e0632920eadbd58a2333447146704a3fcc337205491a9b134b55c9f45d975aa48ebb39191d9a6b7d654070646cd4f8a67a496c7891a4170040abca1af9c6be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BBLU85WP.cookie

MD5 a28681fbca8b45984c3c80d437b2fe2b
SHA1 a1828a484203517419faf756bfbf7712ab6a28cb
SHA256 3a369da52e50e3d321eb521a3f5a24248f7c2e4b85d5863360e4ecdceda1f064
SHA512 31385f4915a991d97a5668e806c674fd82ec5277b590883085abd83b38e0192eec9d23ee9de9a9ecacd1cdf31e7cbe535694a73e99a040f672e69af0bbf3e13c

memory/2060-116-0x0000025C17230000-0x0000025C17250000-memory.dmp

memory/2060-127-0x0000025C16CA0000-0x0000025C16CC0000-memory.dmp

memory/4020-173-0x000001D7503C0000-0x000001D7503E0000-memory.dmp

memory/4020-181-0x000001D751070000-0x000001D751072000-memory.dmp

memory/4020-191-0x000001D7510A0000-0x000001D7510A2000-memory.dmp

memory/4020-205-0x000001D751430000-0x000001D751432000-memory.dmp

memory/4020-213-0x000001D751480000-0x000001D751482000-memory.dmp

memory/4020-217-0x000001D7514A0000-0x000001D7514A2000-memory.dmp

memory/4020-221-0x000001D7514C0000-0x000001D7514C2000-memory.dmp

memory/4020-226-0x000001D7514E0000-0x000001D7514E2000-memory.dmp

memory/4020-229-0x000001D751840000-0x000001D751842000-memory.dmp

memory/4020-235-0x000001D751860000-0x000001D751862000-memory.dmp

memory/4836-253-0x0000022A9DCC0000-0x0000022A9DCE0000-memory.dmp

memory/4836-263-0x0000022A9E140000-0x0000022A9E240000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c0c11ded27499d96a74271f85865749
SHA1 d76b8b142a4e038de692b60b33136ea734ed61a1
SHA256 21ec16addbaddbd4dc3f55ac1fd0b9c10e1b88e922639cfe02361061b829acd1
SHA512 70ae1c38bf1e2ee7c8a8cbd17aa61762fafcad578218aa4f0d53a982dc8aa4adec394fcf7d19838727e1347780e8183f7eb3e60d998ef953ce83970ee7aa78d9

memory/4020-352-0x000001D7556C0000-0x000001D7556E0000-memory.dmp

memory/4020-354-0x000001D7556E0000-0x000001D755700000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\N0MOOOGE.cookie

MD5 483836427951341feb923c80cd5cee02
SHA1 ebe2bc82fe9584f0bbf40cdc7a918d6e5f0dfbf8
SHA256 f9d7492224c4f734da33a03f1acf7534845c0e063a3efa793cf9ce76022e4772
SHA512 38e8b679c4a307cd6a0e0332868862f229d61a101599eef21dfa2b7b9b8c25f1e5e357aafc42db92d3230a14b4e37259dc26baa227dec2cb2ad0b3d8754e7884

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2DZ9UJ9\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 105b3f9292ae37d232dcc476cfb0ffa5
SHA1 de0b3fe8c0e50ac65fcd50829100b74e13e6ec2d
SHA256 5859659ef9f7e9546aef5887bbb2fc31afe0a8712b3bfda5f1a3c3bdd3da204f
SHA512 da56813afbaf86f46fd88576781d769789234a0bb634a314d95e316e81c63b0ae7b581463205fe4d3f27740951159cada34b2de85590ad56abde7463a681ceb9

memory/4020-505-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-506-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-508-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-510-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-512-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-520-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-517-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-521-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-522-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-523-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-528-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-527-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-531-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-533-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

memory/4020-535-0x000001D73FB80000-0x000001D73FB90000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U5177D9K\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5f7378678d291a0f4cba2e0672535a24
SHA1 d58cdcbd479c6c5426ae8bbcad3786f51f77d396
SHA256 a6fe37f107fc69c1c600bed62c1aeeb9c3c944a4621804547c166fe7f45d0927
SHA512 20196dc4e034ac56656c3e8c075338871dd049af1a2cf38f9f7420a6998697c74707a9bf7c66eb9920a3ccb525c47087b000f8bb5bf245469a360e5142473a8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 dc7c485d42916c9a370325e8bcfdfb37
SHA1 5bdd88aeb9ac4018c135ddeb24b09b27b6694cb8
SHA256 d39adaf57a44a6f1d3d020a9803ecd356ff0e6683441d312500f5e5425ce54eb
SHA512 6ad4207516702dbb6e82b465603b5066f90ab59f04bf9fce9c02808a7936c12f6b3462984fb4881e97b57d09604b82cc8625c4bd224f11e5aa0656c174674b12

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\6r4fb0s\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZOA023B7\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZMP7KC2O\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\US19058D.cookie

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U80N40VF\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1CZLRQ5P\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U80N40VF\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1CZLRQ5P\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8ON8EZNK\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\763MGXOY\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\763MGXOY\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8ON8EZNK\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8ON8EZNK\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U80N40VF\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U80N40VF\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1CZLRQ5P\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\763MGXOY\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\763MGXOY\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DC4WJTEK.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_5556_PBXKHBKWZTPKGXYK

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\976eb295-e520-4be1-a2af-56660c13d684

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\d9ec791f-6d5b-444e-a83a-c0c1339ec5d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\30\{c8d7cff8-a887-46f2-a6f4-348218d0f71e}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\idb\4186925567yCt7-%iCt7-%r3e6sdp7o.sqlite

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5822c5.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\183\{07da73fe-57fb-404b-ad84-6ebd2a5253b7}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{3d2f732f-cc5a-4320-9095-d39f696592e6}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\81\{82d0f04c-15fb-4ed4-91aa-6fb453b83351}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\221\{034f1a81-92c7-4a34-8523-69420a7e7edd}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\133\{47b485d3-48f7-4b04-ba84-1b981b1c2085}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{d7b25c45-2715-405f-8b58-469bb5950942}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\29\{fa67695d-d3eb-4b0a-abe6-baca922f2e1d}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5871b0.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BBO29BUG\suggestions[1].en-US

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
