Malware Analysis Report

2024-11-16 15:57

Sample ID 240212-fkpqlsca41
Target 5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe
SHA256 5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe
Tags
google phishing
score
10/10

Analysis Overview

Threat Level: Known bad

The file 5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 04:56

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 04:56

Reported

2024-02-12 05:01

Platform

win7-20231215-en

Max time kernel

57s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000a11f48e12680f93880e4b00bf9dd22f7270528ff1c42951e326b06c429c20bb3000000000e800000000200002000000004cd49fd36da0cb08a0a9d1801c4d8222fb47c7fcb3e761e970b05bc327defc62000000013e64b118fcfccc43b8a879dea6c468ebb7f537638f3c0356a63210d6d29df54400000003b1ed650d393bb014bff0884aac7753873017415764f95d23ab0e0733f1abbbca94b98be6fc4ab203840ffe9b702c01eb7fed473798f22e930a54f19e343e6c0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E46BBF1-C963-11EE-9F40-4A7F2EE8F0A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2248 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2780 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2668 wrote to memory of 2632 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2504 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2944 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 896 wrote to memory of 1664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1136 wrote to memory of 1804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1152 wrote to memory of 1184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe

"C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c89758,0x7fef6c89768,0x7fef6c89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6c89758,0x7fef6c89768,0x7fef6c89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c89758,0x7fef6c89768,0x7fef6c89778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.0.477202609\1049271567" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1144 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ab8cc8-d258-4df2-8c44-0e74e47e17a7} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 1288 100fa758 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1288,i,6822616328324166004,783216894566597774,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1324,i,4150466399929521872,1566372370072767257,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1288,i,6822616328324166004,783216894566597774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1324,i,4150466399929521872,1566372370072767257,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.1.2130451467\638998791" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9c15a09-dc6c-4f79-a51b-cd31737e35d2} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 1524 10003558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2200 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2544 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2576 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.2.205722626\1179673863" -childID 1 -isForBrowser -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c16c703-348d-47a2-9581-fe6051633bb5} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 2076 19780a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1332 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3480 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.3.2101462399\812251978" -childID 2 -isForBrowser -prefsHandle 2696 -prefMapHandle 2692 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96417d41-8cb5-41dd-af42-a8020c341f26} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 2708 174f8258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1368 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.4.1088021582\524171777" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3756 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3948707-2835-427d-bd64-6fd29ddad26d} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 3772 1ef12d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.5.1429087068\1848182377" -childID 4 -isForBrowser -prefsHandle 3944 -prefMapHandle 3960 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c634077e-3b55-451b-9c8e-c8dd65c6893a} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 3932 1ef96458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.6.454383782\428541727" -childID 5 -isForBrowser -prefsHandle 4056 -prefMapHandle 4060 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88cbf7c4-44d5-4bc0-b8b5-aef5a3b151d7} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4044 1ef98b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.7.1850321172\463652036" -parentBuildID 20221007134813 -prefsHandle 4432 -prefMapHandle 4436 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43536856-eb38-4bcc-815e-5e0d7ff84094} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4396 195fc058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.8.624591937\328640699" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4540 -prefMapHandle 4432 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c795a7-5cc3-4486-aa9c-9a77b539f853} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4552 1ddf9d58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.9.30521324\594233209" -childID 6 -isForBrowser -prefsHandle 3028 -prefMapHandle 1880 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e341346e-88ea-4189-8a04-41530c8eb61a} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4540 17456d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4404 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.10.389805573\1797528577" -childID 7 -isForBrowser -prefsHandle 8680 -prefMapHandle 2336 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0a02cf-d095-4faa-aed6-181dfc92d18c} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4672 d6b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.12.1049692125\1647980289" -childID 9 -isForBrowser -prefsHandle 4672 -prefMapHandle 8704 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {653ba27f-3a3b-4e08-932f-e4b4f815cccc} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 2900 17960b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.11.113137495\812178021" -childID 8 -isForBrowser -prefsHandle 4688 -prefMapHandle 4676 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3e8b62-6ea5-4b07-983c-1a4c7a30594c} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 1644 17456458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1300,i,10065217777165573193,6441940175917751091,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\dd4b7560-87a0-4c70-88f3-94a740e56ca6

MD5 e127c93e85d9dbb7d9b8f2e3ab86b53b
SHA1 9e5e7f3f435d4b8919aff2dffdb1720262b0e2cc
SHA256 e4f0647ea82bd1cd4dec9d0c1cc6ad4ac56466a586f81c12c9cce914f48347c4
SHA512 652b60acfbe83bde33130e442f3b42ac2713f83cb40d3f984752750cdb3c79f019d4a4519f7496f5d2ee1ef4fc6e2626301eeb065667717bb4a4d4b2753e18d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\67c2a49c-f9ab-4e73-b72c-cc3e1e71a51c

MD5 78f92f046cebd6982995e3e1b9d4a92f
SHA1 18e7eb27039485af9f4882f755f03a2c90bdb642
SHA256 79efa30fd6749c213731fef6ac340446bc3aa03d521faaef144c0e2be1463183
SHA512 d564b62c547173df246ebde09a7a330f3c7cda63eb04a64514b048892e6fa0c007d060b4a9deec49581a8fcdbf2bf28437c7699e4739c199a18f42b11a163e17

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\db\data.safe.bin

MD5 565bb6517104a7957d20ed8ceba09f95
SHA1 b356c78168d0ae808c58330cf7176b947457df89
SHA256 6ed5937b46c28a08952a8a461deca4516e13deb059ba271b726ec37ae58f76cd
SHA512 cc6e89c3f900438d57a998a1ee5456bd5275df83dcb1b1737fe9cb6792972fdda2ab9a69f1d98f3ccaa2f8d259d02d84b5dc658d0e1b03ef12d40fa79a3fc9ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5ec14bd83034bdbf50031c9beb51692e
SHA1 0c6ba000fc2150ebf118c8dcc95c0fcc7d2b4e53
SHA256 3c9c1ca1420cbeb766d6aadacea10cb868c8b59572ba66506068f83f4d6b94e7
SHA512 57a525ba8175dd07b5e1ca0ff3e6dae04dd3860d55e3fa51ed557ff5e2921aada9064359433c95bd82113a7e544a2588f7ac5d256a12ecf76cf723e82b176bdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 fe0cc2b09ed5998199c8802c4edc78c8
SHA1 59481678569b8406b2f6cc469c4a37e1682d8a7c
SHA256 a7b27ab9cdc0df65ebba5c36fde165fc367e7a9a01803d6faa9ed9fe06d6404c
SHA512 6c131363b439681d45e0d02bb81715fffc003370a356c7228225594d0bf98cdb9802ed25614445175f66969f85c45abbbbfe669e220a21b53a700508c55a6a85

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\cache\morgue\154\{1b3ca442-d6ac-4d4d-b299-f9ef7a74839a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\default\https+++www.youtube.com\idb\3020014542yCt7-%iCt7-%rde2s1p0o.sqlite

MD5 bb157d1b09c1b981388becccb5a9fb5b
SHA1 86edca5c2a28f9a6f707e979a227d51e00a3d0f7
SHA256 433004c11ba7aceb7a0fe97b6a4f4a9ea83c4917c3f19f1efe6721ea4a65e080
SHA512 e1a233b12bc859c33accfa5fdad9a1eb12bb7d031085c8b0b8ec7b9ba9b53956deba3c1da3dd3f8e7ff3533ff76416110936366093c90afabe1b311609430097

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 89d818f2710958ebd5fc7b9ca78fe7f9
SHA1 1472a363fa5b87bca0fdc176df409e393fe626b5
SHA256 35a386f29b62c52c4798840364cae97249cadb9fde665df345fe615fc2f72bfc
SHA512 f7a2179e048096fed426c33e4b778f9a34ad8c2023b1a873562b9a8dde2b3be693c40c8a9a4fc4ad2c93151f158e90c096fe75c0c5523d359cdd5a9b105c0871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf772f6a.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39465c0bbb7e2863c106f5086ecb282f
SHA1 f6d84562f73142e539e8dd26324b905be311738a
SHA256 d25988eee7f2a80833bc9fc47d452ea8288e222908b872c9fa2d0c9d95dac4c5
SHA512 a710d5c2147765dd3d0ee64105f5ba3240becf851cb7fee8a0fd7362e821f60a46a887c62e474e12d95dfd342996e2e5cee9dfb2c57385f2501166dd10d92500

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 b2996c51d96ab06343c4fde065f9d16d
SHA1 760ebf74fb4d0b184d0665f3d111903ed1f65bbe
SHA256 dc50317d599e8a9544f431cf46fea9f7136a3145af0db8215b999c1bca0edfcc
SHA512 95b3a71dda2484e82915c306e97ebf18e587248cb693885ada14f794a2a48af6d38387d198749f75759aac9ed12990243f448740bb883ea30676b8b8bbff09fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 145f69387347ac0cf585b6ebf2155533
SHA1 a069ce15e9e41bce414181ea60d1efaa7bb61da7
SHA256 89972f18c8523060aab6ec7ca8dd1f22c0e8d7cdbc67bcc78e02f08227aed94e
SHA512 a84a10534e40c50823af0363064743178390ce2c4e05a9a8738ce1efdc15014c33b09aec8006c941dbde8d0cb07f2b54bba173f002081d29a9c864d0b725b18d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 1159fa79919f53a7957f20cb86ae3ff9
SHA1 7ae0cc88b86bee393c4ed69c8084937638831482
SHA256 00339b367eaa7f422aa10fad764c2fd14b65fc5c869fd9e73218fbfabf8567be
SHA512 e6ab6dfbc171f37785bc3ed10a94cc83efefbfa0b0a206a83e79169c895350ed5c06fa30de8e1e2256660430f69397da9107a441e1cb18157abd60548b6e2864

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7920d6ee235e3897c23cf367ea3680c1
SHA1 24a89992dd1f5656d716119a7ed1e1feb2d4931a
SHA256 c6dd843c3eec39a73a71f149069b915c3ae1d27481a6865752a2396b2ed3584a
SHA512 118326ae48ce6de62d52a84db58320d7779194be2522baaeb294745a00f40ea09c92c34c920f2b2afe309d1492f2146a0be3df49963cbefca93a46d86c0fe109

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4e8a161028815b8f7e449f2d4c8b157e
SHA1 d74033c81051407c1d385237329589bc5f6edf41
SHA256 d576977dbae79c54372759a628595d1d970d9638d9f554b005c92028f9f7a239
SHA512 7d365f43d7f3e06c8602c18386980081d50391d3b94806ad689d98ff04b43f3a43643bfe99e803c2933293e06fffccc0b6d703e4a867ffe654742cbe7c581d51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 abdcc6fa3a3c7aff9c14d91a01a35fee
SHA1 4871d4c4cb2183065a43ff15f67c4fd433dbfe4e
SHA256 7eea4e7b5cc009e50e36931ea0e03655a928e9a57f348b26818a64504b92a9a8
SHA512 fe981b0e4fc66501689af74ef5ae126f8204f58b3347c6f880bc2982fb0edccd0a03729b75b427a29dc69141b3834b9f999aa3dabbde52e1c4cef1ed65ed9fea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70cdb98abd324865edd630ad8ea760af
SHA1 ce2e177f16bdf28af79242595113663efeb16078
SHA256 909d41740ca37bcbbfe2b4fe2e6cdf3dccc82a7c4885ed101a5d48b11cc593b7
SHA512 590c69737844f8e55a852b9ec044bfb657f0d89aab5e173d0061aae2e7a1045ce1520e6a23147379d510afe7c54c11082b0ec6a8189dec7c5ab4dcf1d3be1bad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b5d482e3434b9a9fad7af00f127bed1
SHA1 5d0f1a64a06570306afd3ca42a4952e2d789f33d
SHA256 73b139ddb2b241c14674d14e1a5678266a3cc24bf260b1156cfd744047dd3675
SHA512 e3550153968f49922e3358015f5de2799924ed43a71d682e42d6270c0a8170b35dc3463c273f0d44d687efc31c36ba4080d3f0edc84edfd9a2159951b2fd3123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc315f78ca0ef820829d840f33e9b61d
SHA1 16fb8774e23c4e8cbe60dbbca627407eafe44100
SHA256 95d331bf52eb70a466b679ab2ed4962c954f387122d2bb02b8ddf150617f6ba9
SHA512 3d130e05a2c2855d3679027e87417a39440f09d5e0e9ca8f09e19bdc752c4f9052265320a0592046687e61cd0d1486d7acb62f817667e9344882976b7b9b0ee6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 44f2506189dd04d0029e62bcfb26ae8b
SHA1 85a0f9af2430d318addc42688c27c7bcd120c7ca
SHA256 b7848caf985178f635e0cb69c7b8adba19159c0cc1e021da84456b39d408939e
SHA512 a70267bb9854a47ae3821e1b0ec6213ebc71cb5851636e15d4bc540377988b83827c4545d0d0599ae672f00778e4c3ad8293d7fbc413c11d498875adf86f8e2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e83c0897446890bb8cd4aded1bdbe07
SHA1 10aaf2bf69905e0bc4b561076425a4e35f3a6286
SHA256 d5f5ef649c5009dc6bde2eeeb82a5817fa7629da833f631a8a4d605c6cbf0b97
SHA512 5c70272c35894cba246a21c691a5e972baa9fc2ff2ca340f460254cd1aa58263851e627a1df9c13a2e1fa8a6d73e538fcaa5bbd7e4fb9f52a439491e5aed8f43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc2c9f7772496f61f9be55b22d41c721
SHA1 306c5a11afeb0b581f7a7bb4521da1f2868a8cae
SHA256 2efbe0cf1811aa1f1d90f7d00a036bfe5ba105b3478e7b6578452f1d2f1a71c9
SHA512 6e6da47a4ff17b2bf8bd41cd90289053b1eef91dadd173a2cb0247c63a6a2a3aeb6afc95623e77b5a2df073525d40124a2da4cc41299fa23d5e1e23a0339a6a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 566d48d7feb564b556b74060f685dfa6
SHA1 8f3114e7d76a646d063f9ebd4c9b2d8aaebf4b03
SHA256 7e8ff8868975397d0752a9d332519f2bc3610cf557561ac659c39b85ea79cc1d
SHA512 c65028349027911f8476377260e0e817af483637d1721ced6a5c279ff448947326d20b9c6e5385b2587a242f444e842d2e3ef8b98646fcac8a99e25cb0ac9e5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d2e9fbe4d0a2844d7b792ca412e2ab4
SHA1 a3e5b52841cb144c21203af7a61c0ce5f78b3395
SHA256 fe9c3115fb634d43844581d4ef60b26ad56bb7bbb32af4492dc7e4c414e3bbfa
SHA512 c2f4ae6c10f52d0ba96e2af531c4eb9ff19869c8473a8d11d1b8930ee702c67a1011823eafe713191f25e91e9906f6cad455e370cfabe3f7003388ef0d9abcf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c0ae5a70c82ba53b586112a84ccf6ce7
SHA1 1d6e230b53b2e8584ccd4ec332f9a8cdcf932da6
SHA256 4e571bb065f3b27b9ef17fa305569f4d479d2dee1ddce725fffc8c729ef5b543
SHA512 a802969ec1bac64932d317ee4f03c7151624a58d8238246f0e294ab47aea21150b64ad21711a47a13d4d1efdc1944a3f86296f1da1da7fc0b235270e06ac613c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 589f62f3de2ed5a231fb9ecddc64547e
SHA1 91be1bd39c16f69d0ee82bdcd4a78b2226444488
SHA256 a3facaad434ae1f0e7000c3b86ce59d96e961d226ff03baac736d2a3bd0ff060
SHA512 085097c6f2ba82751815f458f26f54343d1eb39fd94ab7daf43b119ad51b2b041c7a547ffeb38976afdf95304103e4ac0b1015c162a008e53bad3d2b5d3f13a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08690284bd6dec09ddc7f51c00e9a18c
SHA1 3b0f92332faf0d974db722ce50a53460bab7b456
SHA256 4dbfbdfa8376ae7969c97a2e635d7c3bb4d5d29e47335de8b8e715fe9e3e13e2
SHA512 c16f27267ee13dff75313fdccfbbebeb5119ceb3e1ff98b5c6703c20565d2f345f4e49e6fb73b331fac58f4bbe3bb3716b78660de408a23d7f6cdc7da5476000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e3549c982c04257b9b4085f3629b486
SHA1 f0334c8849f440a1afa1a0fb8b132e9436b2b065
SHA256 645c4c944802d5a1e1d9898723e4c6a2acfbd9844c0f41c1eed5c2a72461fd1b
SHA512 80cc99ec8f9c04733b31fba7343581321ee149a87be683ba5f6a7b64d733eb3f42701548286ee3ef27bc3d63ea97282ad273f4d927dcdc97b6a65917cb09b16b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd03c7a2038454678efdc86dc77f445a
SHA1 d05e06bc7f3c654e309ae58eeadaec154881100b
SHA256 22f31d678ecedfc876c373c7262b7d387fdae6ee7a2c45158bcab4987384eb9c
SHA512 a75cf5b0cc6ee614b4effd6bc1a6946b7964631914a49550cc456bbdac83c1f479e68f72bf709d05aa37114fcd635f1a7996f1d0944b497fdc371d7279f5a9e7

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 321ff4ccc697355ddd94df3aa77336d2
SHA1 ad23d36d1ca505d1d6f2b2dc8cda185b40826320
SHA256 e0a8e699040a852a4284f56a5200e568b8dad76cded30af4436e900c51c233c8
SHA512 9adf21ba83fd8d9ee9beeffaf95319c586db0607fbf5402cfa83298d7701a1fc668e6ba4bd46bbd91985e979c6e96aa4364db126a79f533508894ed836dd948b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 07813060add51d4b1c49db23a802b931
SHA1 157491c01014d6503920fe7f153e4c2d0b495f3f
SHA256 4e7efbce2a073b285385aa8c299961556cd90382ad7b14bc75fc7302df1e2633
SHA512 65fa2390540a87b145a68a1e91cdb1782627ccfd9a76cb0039b965b40b67b11b4371b48827382d3e16d457fdc76b9e1f080176ff88de9d3fa03ce9c792efb555

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f18f609b3c512b1d96ad90d290c59f4
SHA1 97d0e79f733d3bbd0546f4d62c17b6885a6352fd
SHA256 1118a4ca0e804669abf64d890e0e60858d0e8b99707b4237cdae7f1c0e1bc389
SHA512 74efc8eaf806dbeda2b3404cd505cd2231ee623027efdca43686561c12b9b772c5343fb9051567eb55ae6417ec7be74266ce4036c9192b7e59a6914135fcae61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26544c1c-1b04-40c9-b270-1c34cefbda4d.tmp

MD5 8718e72fd156e4937ef4e34685ed6d8a
SHA1 bc92e4d37f6088890b83fb3b670aa2df24bd3241
SHA256 613c094b95002cbef535f3edb639cff10e877e99d16eafd25206d594e5706002
SHA512 fd5eaadc2d1a091dada6b10261e93cb42e000fa32afa9dd53dcb07eec50194f91a6e1ecdcbf71699fa2387203e7842871a41be865ac6df6d52f6dbbc53abbebd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac18676fcfa9e3bd077fbf093407ece7
SHA1 2f65acad2d4565e468001bd7b1b6c2b2fe8e726a
SHA256 636ea1363996df1df2c3afcb8efdfb578543b66cfb7f9a94fd4a4bd4ab652e7b
SHA512 8fbd62e1a32b8e88b9596dcee33d47865abcecdf571abc4546626887482fd3a8ef0d4f64e0059a68588939ac2db38be7d525c409a92686da03d59dbe85db88a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 66256f952dcb871aba1987844eb40d59
SHA1 675af19881d064a01cfc921a3d5c5634648cbaad
SHA256 5e25d060cafc1d4f1aa958daecb40a175b46903414b74854702e03a39aff8b29
SHA512 a6dcc5f99e938db1ccbae8dc94dece07758634d79b2df481445b948fa7ae1a0f9f128223403e5906e22c8e8e146be92803763750b3a373a17115d4b80d517da6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b67c4eb402c7e0691688fc4cface3f95
SHA1 e9a9bacfadf99b7976fc7ad001fe5682afb83d54
SHA256 1a0748ef3559ab078b7eec234cda596d10893e1dffc5e06b94d47c6dc061e4ec
SHA512 df15b2581809ecd53ce1fc61cba8ff5dd4f35fdf513be6ee5de4a7172a42c576111e27155e18a0572aa441155e570b26a6fdacd574246badf84bb7a524642a43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a06fd062fe3d9a9a55c1e58aef8864a6
SHA1 9e91c34568248d2d5b0248cca7dd1c070b96308e
SHA256 89f1c5d11f541736dc287150335a517a8da6087003b6eab89e38629f119d817b
SHA512 96ccbb92b3577351d27fc9e50a24783f49e9611e99f019f85115a33a4b0af8744f0599f9aa1eb93eda2144cc389f44214d9a3c25540e6ce5729ab72ffd6bb9d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c2e5bc73438dc845feac3ef6fafc5d44
SHA1 70529a13458f6246672c33f6f3c18feb71639154
SHA256 5fca1cfebce9b71d6d6d39b26512999b40575336a3890b8229709a724b43588f
SHA512 d3517033876f9c4a99e53621364fce8414a227b5bad2988eff025f2f8ce41da9a73d0da63ab3b42522134cc99e8d2f39690e982e5f23ffa8445bee9f1fdf3eaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc4b6667430cd38c103772265f58c32d
SHA1 524192c456e0218c1c01d5993bee8c30ebdab0c9
SHA256 b886264e5a97a3b7b4d37b3e256bc39d5e59b7b4c1e00fd9eba0e839037cf755
SHA512 1f3c0d7725a0aa959aedc8ceaf6825d293fccc561c59247325d6fde5cbce08a18b62885812d7ac4c55d13a37a4888e8855f20c4b93a3727d0b94f5e5987ee0ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 057321b62426a5bb97a119aa823d3fc0
SHA1 51ef7df3fa60966735412283d25e3233402b51bf
SHA256 62cded124fa142048e3b4c975c9b4b18733dbc4375914c0cdfb79f3c65666376
SHA512 4bedd4f9dc196eb78c4e0504d420dfc520adff163c8e7ae7f72a107bdeb22248663d141eee8fa925317b8adbb429ebf1188388a58ff1fb583261c7bebb1b0c7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 53b49c67fd2b7e484ff3d8f59e8db06d
SHA1 00db629acdca845580d285ddbf8fbd84d845d032
SHA256 201793e5aa449845cd3a8e345982ab7a791d700ba5dbadb8cda508f1ac90e78d
SHA512 b48a0f398184837c1e0615f42a61ba718d5fff4f988d89e8f7b00153496d18f22b173ac1b52f012c59e592449aa1da8c47b15556f96c1803114fe9b85109f158

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c34ec0717068ee1b45245d5290475b26
SHA1 cdc50531aaf171854cdf5d11b39e19ed00e45fc5
SHA256 c7179bad1e98504e5efaa78d39cdcadbe48977270c3f240df8c5e15bcc80b2e3
SHA512 3400c5734ea9a559fdbe342149070031c65274ddb197b86bcfb1629ffd4e05951f9e7f39a925c61a0a1d0d22a8a19d13a2d6ee7842603cfeb50dcfa89d593af7

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 04:56

Reported

2024-02-12 05:01

Platform

win10-20231220-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521875814098836" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5abbf1ce6f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f89209cf6f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 94d2a7ce6f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 14ceb9d56f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ef32c9ce6f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 005e1ae36f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4964 wrote to memory of 4928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4964 wrote to memory of 2620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4964 wrote to memory of 3864 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4964 wrote to memory of 5360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3148 wrote to memory of 5596 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 5704 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5596 wrote to memory of 5712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5704 wrote to memory of 5724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 5736 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3148 wrote to memory of 5812 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5736 wrote to memory of 5816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5812 wrote to memory of 5860 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3148 wrote to memory of 5904 N/A C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5904 wrote to memory of 5956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe

"C:\Users\Admin\AppData\Local\Temp\5ef91601d3c25061f33864fb81a0ca6a14767b7d5be7c442e323ecaccd2b77fe.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffaf1bf9758,0x7ffaf1bf9768,0x7ffaf1bf9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x60,0xd4,0x7ffaf1bf9758,0x7ffaf1bf9768,0x7ffaf1bf9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffaf1bf9758,0x7ffaf1bf9768,0x7ffaf1bf9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.0.718850388\858245293" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b4c225a-ebed-4cc1-b708-4e7d4d6bf037} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 1776 1ed169d7858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.1.1912268976\939828303" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4d057a7-75bf-44ac-85ef-d2630d4ca0f9} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 2160 1ed044e0558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.2.950757165\430041328" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41f43575-191c-4983-a5c2-fc69303a9cfb} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 2872 1ed1a8dc558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.3.1004901855\1163401519" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {205c7e38-c2cb-4b6c-b883-dd78bf42379e} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 3492 1ed04462b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.4.2020588106\569458754" -childID 3 -isForBrowser -prefsHandle 4676 -prefMapHandle 4712 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {694ba8a5-ba54-4ede-a8d2-567a8ce76e8a} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 4632 1ed1d37a058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.7.1436394988\182794735" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9a76d4-611b-4625-bd09-4125c3df0c79} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5384 1ed1c67d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.6.1861301565\871009078" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b5f85d-dc5b-4467-8c91-6d7e0edf1142} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 4676 1ed1c67d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3960 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1728,i,12461785997183223669,2511249204997617112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1728,i,12461785997183223669,2511249204997617112,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.5.996156019\842441518" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22423ee1-3f36-4b28-8ce6-fac5b3340729} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5000 1ed1c67c058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3716 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1864,i,14832725604344833280,3374966069422128343,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1864,i,14832725604344833280,3374966069422128343,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4724 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.8.544587514\1558063043" -childID 7 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d4e1d1e-77a7-4c3d-a713-1cbc7428227c} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 4632 1ed1dc68358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.9.1119369386\429090285" -childID 8 -isForBrowser -prefsHandle 5776 -prefMapHandle 5772 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {522c300a-5bc1-4340-ad6e-0af2773defc5} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 5692 1ed1dc67d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.10.1123527836\1648455519" -parentBuildID 20221007134813 -prefsHandle 6036 -prefMapHandle 6068 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac712e19-ab00-4d7e-be4a-32029d16cc10} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 6080 1ed1ee4c858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.11.1149478714\42316941" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6080 -prefMapHandle 6104 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {644e76dd-38d3-44b5-b7b1-2de68bef6f37} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 6212 1ed1ae88258 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3020 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5860.12.1515943548\83142040" -childID 9 -isForBrowser -prefsHandle 6572 -prefMapHandle 6568 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {446536fb-e0a3-4f43-967d-128ed499d2d9} 5860 "\\.\pipe\gecko-crash-server-pipe.5860" 6580 1ed1da87658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1944,i,8769266527579457243,8841321731945533208,131072 /prefetch:8

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\42GGKNKP\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\42GGKNKP\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CYOS0MGC\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MMGVCORX\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 c6abf2dfc35bf84fb004f4f75418f1ef
SHA1 4c4e1a2d8bbc40bb77af027f1d0b84efbc82d0d9
SHA256 cfe5ad3f6da5b1b3aef7dea6c4acddb213e2149a22985265bd0c54599837f581
SHA512 f5f35ed06f60395e223c56582f27fc2adff55945da2d4b7fe10525b46fdbbfec84f50eb81552c655972286b10a9546fe811f6b335b92ed8a4a73b3fdfde8ea81

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CYOS0MGC\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MMGVCORX\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CYOS0MGC\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CYOS0MGC\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MMGVCORX\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NQ9LHTTR\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bfa7b255b0420333257f9146630ad85a
SHA1 02e3cca69dff8261480dfa02bdc4e844c8179595
SHA256 6ec7cfb93c34a5dafb4a820278b90ff90cdbcdcbd386de524417bdafd12400c3
SHA512 efa7dfc731bb9b7f59177f0aacffc4eaa44cef2bd179667ee546a3844eb86915edef6c1c96861f3843e23e144c1f4cfe529bb5bb633b9f12848c5d494ae4f798

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CYOS0MGC\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

MD5 8a62a215526d45866385d53ed7509ae8
SHA1 5f22bfd8ff7dab62ac11b76dee4ef04b419d59b5
SHA256 34ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d
SHA512 845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NQ9LHTTR\KFOmCnqEu92Fr1Me4A[1].woff2

MD5 ee26c64c3b9b936cc1636071584d1181
SHA1 8efbc8a10d568444120cc0adf001b2d74c3a2910
SHA256 d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368
SHA512 981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2DT9TKD6.cookie

MD5 c807ff1f9d72091dfed0a78443fd1a78
SHA1 e132e4e21f42ef55dcdea5d991a0e1599cb89ec0
SHA256 2a1089db6fc399a4431a0b1f2ce6685af85c25c6beffa63d6727fd8513a48bfb
SHA512 6a205fab179aca6948181b965b384082c9071698939bb6d76505ee8dbe304814557dfdfb478e19c3707a237fbc39469c0282c839bc325bf83fcb96e53ece9b5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\6d005fdf-7bfc-4a55-ad5e-ae8557e9db90

MD5 9193f294aa323e0fb3ff02c6c5abd14f
SHA1 28f2b4021f52c20bad9a553dba1ab0971bc33b7a
SHA256 3c1f4ae9bf32f22a1a5407dfb8fbeb6889549b5f5ba274b3e1a3d6d06518ced4
SHA512 fd61d85cd54e88d58bea3d3cb0b11f13e83220214061a8c39602b65091b6dd21daea2d6148fdfdc75952e607c4d18562de269f4e0b444d6f71450e701abaa310

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\00433825-8dbc-414d-a96e-55c494c3ca06

MD5 88e2636415e41ec11180c9dd38d5a3f3
SHA1 1bdfe237a214d66c5479b6f6979563df2c5702c0
SHA256 8e1b68a140bf89083a9b834342be5f02df5abc8bf3facd84f254320e1e762b05
SHA512 ead0666cf92e8838d49fb2437b52af2ab709b8f3618521ca7eef86778f3effe5213eec68874d197d40cd11f3a042f9a19ed7072aa03f81ed4c5512c7349e072f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

MD5 2e87c13e2b8db7d4231d286236784fc4
SHA1 b0bde7f9b4f57cb6741b07156d05390a0ef70575
SHA256 4cc7a5b81f879387e9bf2e584d1573040d9b5f80373a06ae58540a60cfcf2cdf
SHA512 1e59101fcfd4ff3627f7426b68842ab5194746784ae62375be55a821d757c5f27e1c2a63df1fadaea9b9aea57fee52fbdfa6d66de7ecc62cb1927cce8d60ffbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 81ce148c8f39402740775c9b2a11fd01
SHA1 7db05d4ffc3c90a6c3cdf85876bbb7e47275430e
SHA256 9162f15d49bcc6c2d8b2b2e36652ab9d7bff481d6b9ffda7c5b82382c77b8830
SHA512 d412d32acab4dc7b1837fc491c31d5addb947763162db67b1042ff973eb625e1e7a1d01b597fa6eb3285b4f64d37821bc8a0acd35c4e1ef9ccccb84aed135697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 9a3a751aa6fcae074d33f2ee29532e42
SHA1 f23406a158de800055451a24654ece14398e0d06
SHA256 fd8dd512396d515bc689c996c44bb7bf82a0420245e30cf6177a40e6590431c4
SHA512 47cc3200dcf8fe75873c792287024b036120c1f61da6f5f076d3cafd415418232ab168545ad4f239bdb1597f307b59ee8a19f883442bdebf5fd6619b208a9661

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 b5028649e0931db63fd010ec89cecba2
SHA1 b9dc6d3db4d2c4898feb55c2ae59628a412f5ff2
SHA256 e42a666618bbce8ea16079991f938b53abf549ef2774c02aaf8fc5c01ddf35c7
SHA512 cf70fb3b061d879d2e525fb3352b5b8735666c18b707a456007638a544ed193ed255f91446c1b081c1ee04c880336c6f434bab753eaed965fa74cb4cfcf2da9a

\??\pipe\crashpad_5596_OKCZXKNCIJUBAVXJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7c1126a260183ba44b03741c0d145a74
SHA1 d694e110e3c45d16fed9ff9c760ba80ea6d94dcf
SHA256 f928b6c2e9a972c74214e28021ba09b9bf45a949e7b7df866c4db996dd53a835
SHA512 28b60b68152975542824ebead545e12b5bfec65d5747ea70bf4b312cbce98fd6f01f229cf04cbf032653f605fcbcbd882bbe9cdaee330c7fbd9367d55144c99e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 659aadfcf250f2b61369923ba38c38bb
SHA1 6e99deef4e4cc94f5d4bb24ee5bf34295ba6412e
SHA256 e648de5a52b0750e7e8dffb9ddf3f1afb98cacee84532db2efa41fc6b7d99adb
SHA512 6bf0697516a0c4327eb47ab97e901bd1435534357c99832903a951e0e7643ca667e814aec74b9415baf26ec1fa78f3e086e44391173c19e79c3ea3bec2aadad4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1613837052a35b67617be687f48c5f22
SHA1 acf2e8fd6c757f34ff76a952bc556dc04cd4fcb4
SHA256 92e06fb11b930bfdebb7557e7e800efa0d099d74b38fc244cc4bafb5c83fb467
SHA512 95c00cc0ceb9d03d93125a1fd053a1caa7c9709a950b9d85a5f7206db543e1b3c23782baa44f3f9b8fd6e66aefa9943280bf911c2a02dc512ba397074c465fdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 92af338857bf648af360cd9c74f98752
SHA1 36274913f9b23ca2d6dcb57b907f8751f6331843
SHA256 8cac4e05a833e7d67b064a8f9326883467c98b95a6337c66a819fa8d5725c5dc
SHA512 75d9e8f1a2e3bd82a028ca7ebdfb296c52fc5eee58551afda1d163861516e2881278f3225b3907ec1db7d1c9105a31d65c3129c7ef4f533c5a4ecc3d00af20cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{51588b77-4397-4463-b735-5985eedb9375}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\idb\2901040233yCt7-%iCt7-%rae0s0p7o.sqlite

MD5 bd00a3a0b174e7cdcce63028bc38afec
SHA1 4a28c5c36ab498e5aceba6c0356371cd4bba0d6c
SHA256 6c45c22af7fb89f36ad5c3e00f08ee4b83ce06b44dee569ed10caa26e147ed41
SHA512 9b3e3d9069da871bfb67f326869402e8f54c02af2de8b294e2b0b5c3674472a63d7234796b27b930a5c946125165b7e8213283c6f4d771b645d3fc2b344b9759

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6c301a902732e8f9a9f07292a03ef7a9
SHA1 24f53d5bba3b731159d82e08761882f4b0a52258
SHA256 0f3a85c4d1028d7e043d47bf5e186547e3fa5402165cebafee411f3d1d78769b
SHA512 3df29255973769cc8152e04847d6574c6ad070f34a8ae41e392f0f8ebeec155c550a3454bbaff242ec2d087ddc0b5d55b4ab84eb77089b09744fe6f02d13a5a0

C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 482446d70fbd8eb94568c683cd520afe
SHA1 214dd24bcb3cf376a81092d496e4d939bd622e28
SHA256 de3cbab287fcc627523a3593d60a45fbc5e9d2d8892fbe6bc44ca126c1f455f1
SHA512 4d22e36ee5fbf4a6ca297e24c21fc6f4a43ef525d3166450bc051be530e54f0dfa4f9495d58c439bbb9a0cc5f54ffe1dde1f682707cb8c1bfed4d03384ece0b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 f12b3a91ae265b5be1afe9348ad7143b
SHA1 e45072ebd4fe19a51669dbe68e7dda7cb6e6e440
SHA256 db7a467f88b3162103258d5c1f6eeb7b3c378f0ddddf622d53f2885bf32b9316
SHA512 9fc94037fcca0fb0f0b2d22dc8be6c9438f00ca70f4315668fa0d331480e6dbf4e4f1df7b083085663371b3abf4a964321fc289a3703de8c1fab1347585cf11d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 ab61277279e0c5c84f6052d4734ce700
SHA1 88d56ff5324f2a659f2cab714ce6e6152f8b2683
SHA256 262cd04f51d87d087eae5188fc7f056e567cec930a76d5b45d461cc40628e884
SHA512 ff17f831df5353e8f5b5c5f73cec2e16fe6e842f34e8e2cd13bdcc4050f2159c2bcb6d297edfe2be5c0637a14c165e78cd8afe091dbcccbc9ff0a90bc0a12d7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b011e48b89fe74d9ff639c374b6501bb
SHA1 205cba37f09dd6821a7fb859bbfd70c994353142
SHA256 c36a1b603a7997644277dbb36c0b77342454b5187eb4ee5d0e8ba61d38aeafdc
SHA512 83a6daaca650e432282123ee44547f8e4892de2d685a74ef1c1b33329893ab457045338393aa7f0cf3dc2801c2fe6119a0e8a627d6f4c0bc97c6013ff36c7548

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581aa7.TMP

MD5 2f2f552adf1b7929d4c9ccc3cd092a5f
SHA1 a679a548eda395f2b7567c7adac3b6a46f71a3ad
SHA256 5b60dbda48330aa5c1148636e88182bde85ce0220131380b7bfec35d7a6150c6
SHA512 46ecfcba7b7c89f294b1585743509b445552b1780274a079d8b3792201a8f472b68617bce8a8ba43575330331d795d85b62b50a16affabdef14c396769a53368

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 12d2c1aa3373d4423dba07fde8877ac0
SHA1 4c3a72243d50048b7314492807e46bb82a3b313d
SHA256 67e0be4de02efc84dc24a3c87e24ebc6989a6f6c470370d29d9437fb299fc9d0
SHA512 aec4390768302ba1bb59bae371a90555e0bb20985684cc5b409788ba82758eae8a1ea9a3ee10afe1a866030644fcf53be2f3069e020a42f5ed4e2e5f69434499

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ae85c70c074373a7d984c8180553ba9e
SHA1 adbdd96e511ebadc4cacece06437cab08a446ea9
SHA256 5f75c4e262781de026e2e96e30e7deed062449b7ec9c6325419ad4fd4d809521
SHA512 2d418b9680f33760e483ac6c389131be81bc7f715e60c0f570e5881ba22d18321b990441d4f1232c8957234ffca2c48d76b3a01962e80f68850fb7d66ef42fcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d4126c5deb59d6fb7d1195c1cf6ad1b
SHA1 2e4d7b60d1f1b6e4e7e53b3e4422ef0a2d20f552
SHA256 31a584311aeaec4f27aab9905113ec19972fe8c7a9d6b4791b1ca7da731b0742
SHA512 8c2ec167d4e87c0fa10d4ae7aac142dfbf15a50f1d8b16b5241f4788c727913670304431abfa0d1da80ad452a7b9421720ff286b3cce9cbde6c93fe36562c92c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 4727c577d0aecc488ddf69a20e754960
SHA1 66ef6b6e96ad56705e51d24a8ebf0a7b26510336
SHA256 36d2dc339ecee08b6e19e1fdde8908f9410764f8860dab00d4dad41c51f5c682
SHA512 84d623c4a424f5e3cf178dbf3d85ab814b99ff2646c89ba7637025424aa05bfb20a14199d4a0d1a0747b259a206b554bb60bb9e4bf8ecb95b3e1c4b4ff076a21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee76daeee11cf60bd761cbfcdf02971d
SHA1 4ff5a6cbc264697ac97f15a657851d2a1e69c842
SHA256 44e586a980669d518689b3f52f9114be21d2243433eef83ceb0205e93f0819d8
SHA512 03f67b6e5e32637e429c0501a986d0ba0b8b8893e71e33b2688a078f3c8686763edb7cfeb509835d38c9ecae2b9d43e1182e8781dd4d648baa1aaf84cee5f376

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ec63817e7ef31f8f821ef35028c6e80e
SHA1 42e156770aa7a40acb065ca0057d7497f618c26b
SHA256 59128057ceeec1831fb3da753252d16d3b52d99dc502cf28f6a70d4a3a4b6aae
SHA512 7ede3c5fcddf54451dfc50eacc54b43050d9705b323e53123de20ea610ee9b781c9386191524d757e222eee9c4bf992ad881f08bb7edb3a17a7069bf40249f0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586915.TMP

MD5 c556ee61b739e40c660b7c789867cf74
SHA1 054edb27aa944d0c35e1d2f4c2ae24a43a0eaf47
SHA256 eb50e3107635677bf00fc599bba5203094849a2d87c2408204431b228ae4e962
SHA512 375965b7b90944ed638aab62b69789fb300d7610b8eec42409a925204b8d195a430a0aac8878040968252948f0e7752a2bb7629fdb4d5f49a4974cccd575b2ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b466267c3d2322ecd6605cf1cda3c2ee
SHA1 e0ad592733e4f5e4c930f00a4b07447dc2df7008
SHA256 92207d93cf10c01f22946e6f237505450ef68f4b71feccc58f94283cfbf2cf9b
SHA512 d550ff8c495ff0a98ab772ab76bd18c8d6965f82ad40ee5f3b8955e8f0eca411314ebd6cf9d83b9ee3b6edd6f39b8dcd82b2d26e189dae8bfd5b27d3d8ba0706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03743d9ccdde60e6e29b5715be9c6130
SHA1 3930638b10c1939e1c3f4f04c0dea6efdf7aa28d
SHA256 d166d215ef6660c278fa97e4b686dd31820e0631b442c53908c42ea2083a9ada
SHA512 c391aea48e622d869164230227bebb341afa685b613ca146e8f81246fbfcfb86c0458ad85d1fd05f3d59ae450e77510dea5d12730d52a12bb99eaef4d3f95ab2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5WY45JWE\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 0515c3558be625e06dde778ac09d8c3d
SHA1 35b0859a7fb459cfefa6a04b31f114dbcfe194d2
SHA256 bda7198d3ef23daaeb6fdbdec4f93a5e2532c2182c619205d688d5038152ca90
SHA512 cb39312de1ec3312a6ee0cce2987c050abd3cd158cfc3245180a4d164219ed5da1683acf5d6411e062870d939ee00587a3ca97559348997afb3cf2411f5a9cb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 809a667800e7aa2e76e44f45477cd83d
SHA1 181f01859e1a09673ee545bc32c6a5ed91bdf0ba
SHA256 dbc1db8cd2db47708bb24498c0f8157e5a6bf77cea343efb2965b24e2d6ef706
SHA512 556445dd5dfa396a148bb98ac4071034a95b26c8b89cdb43e1d4f5843b78d0838c9b830afdd87e513337283952f0c0c37fec47e5b70a9817477ba36803073d4a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 83e440374b4468f314fbaf78cb8764d4
SHA1 2f63f3d6da045c634a4d18b2fe28c27a452ac9b5
SHA256 1dc9708b769dc6cc6ebdea139f811e1f06b39824729d631b568c18a54823a2ed
SHA512 2551330685dbb1427f10d5312a9bec498c2d248256c45b7d0075a458094773bd3112a62aa65185e46e3964cda1eab819923062bbe8f2ce0c9950fc16e7d15b5f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 681d37686dd2751fc4b711d4aa0630a2
SHA1 e394543ffc2fa46a6cb3b5a1e9effa34ea714607
SHA256 5bf479c2420d836ae949dd29c17875a579b647b832e4a2887e124beb1bb4d892
SHA512 aecda5289442a89cd338964c2fcca16aaeddea731483298dc61cda6c10aa86e1a92cb591ecd2ff8cdef31f6c64e4eb440044e4fb42a98e2df976c1a256af71cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 753c6ae3d3ba3933c206f8cfc6064837
SHA1 dc6a7e97c033d03a5ebf4c84114bd5eaf2809b57
SHA256 c39a660e01c33dc41cf5b4bd0391d5548cb666e9345f49d075745e221a52a1b2
SHA512 32d69c20d233cde27bbc2f7688bd91e00936771cfa147808be954f1da894bc09fd01612b41baa326cd4112c482bcdcc40f0ee0b03270d334feff0ae36c70efde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 271b9c79dacd16129fa10b1f511c21f4
SHA1 70bcac5c81e658a8896cb8563e0faf5a25dc5406
SHA256 d8dc062e58decd64a94f6263ceb207d2438c238c90c40ad6b520fb8f30b3be9d
SHA512 44394ec4f4310dd36b8c4e97ebb3bd56762364b0c777eb8dda7f3740be1864b647b24f9cb38760c752f9d1ea3906afc73032d50f0aaadf7fb14075b8b592b06d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 caf339d115fa8a28a3df12535fdb5973
SHA1 c70b0da1346c7d6970d274cc4343a197e40af492
SHA256 b42c25ac36ba574daf15d0862478a1094904200e8066a58e4bf243be7408e9db
SHA512 2a5604f4564ba6e451f96ec14c891174a967e43d6b6e7fa3c832b98ea92af6b15734bd08a60b35348e1256f4314fde18ced68782581ecd2e4061715c1d5eb1f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f9c4418959b2c08e9b66a7d9c6b4b9a2
SHA1 4d135a15d41631951a1a1afbf9fa54f51c1b76ce
SHA256 e21eab3a06dfe0df481b044f295b957f8f5d9eb93aa026cc45854db310255a80
SHA512 a63535fc4bf341eecdfb2379506ddc3130ac18ea86d64d1267b5f22191bdd005e22862205c109116fefa9b4d4e03b23f52b98a2c8e246f68221c34fc547a28f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 aa6cd3c9995379c49776d04a954a7e28
SHA1 ca4ddde56145c6e73be06af97405c97d3fc8272f
SHA256 922a9a47cf3b4b52e11c238d1324169cff2d918d7375412ab722ca27f11e9ee3
SHA512 e3d66ee1740f02a65222f43797182a61e86efe280a7793febd59131b241b70710514b5ed1efb552827581f0c2b5d31e652932069ab7505f1b59c407e6b3a01f3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 f73db99ee40bafebcb2d2f8d43cd4da0
SHA1 51f5580ac8c207d77007e17205684e1bbff62fbd
SHA256 57c92b5493b980df16477bddb7178c377de536b1ad5db697331033fe98cd0296
SHA512 abbe7e7f8a14c1ad764443b22a5fbffed626c69d9f6df6b6c6176120ddc8a0ed5e97185bc857d57f3be03b2e7e6fd913ab2f2b44dda1e2f6285177de1fd1c49e