Malware Analysis Report

2024-11-16 15:56

Sample ID 240212-fnwy4aeb83
Target 985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c
SHA256 985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c

Threat Level: Known bad

The file 985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies registry class

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:01

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:01

Reported

2024-02-12 05:06

Platform

win7-20231215-en

Max time kernel

76s

Max time network

291s

Command Line

"C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D431D931-C963-11EE-B2C4-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413875977" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0317ca9705dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000003df69890b388e8a8becd7a4845426880f473baefd5315629f5d2d4752a3be4f000000000e80000000020000200000007bd3751277f0560117670ebce3d3dace15b9b30b84ddbc9f0b5093f67dd9dec72000000089b0aee0d398bd7edfccc19c48ba9935e994902dcfc312598d4b6cee0c02b6e4400000009f4674c7139fefc8d14c8666790aebee5e99ec2e9ee4a06ff465129cdc3b367bf41e869dc12b0b1f6841ed79217cf913c96d8ff353115b54c59bff3468e7c62f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2612 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2612 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2612 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2612 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2716 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2968 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 2548 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2640 wrote to memory of 2408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2612 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2612 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 2176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2612 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2612 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2480 wrote to memory of 1528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2236 wrote to memory of 1468 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe

"C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.0.1276677085\114284513" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e1fc29-52ef-491a-bdbb-5f056f60932a} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 1288 fedab58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.1.1281114783\2135418727" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c307321-7f52-4ed6-a5e5-9e021d853583} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 1500 43eb258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1280,i,14605013562002839941,6371874309290283165,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1280,i,14605013562002839941,6371874309290283165,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.2.1858850645\807532134" -childID 1 -isForBrowser -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dec5f61-b1e6-43d1-b574-2c614c426b3c} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 2184 19cc1b58 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2596 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1228,i,11044335978648254104,17264032079191693344,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2808 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1228,i,11044335978648254104,17264032079191693344,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3200 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3512 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.3.175502848\553255300" -childID 2 -isForBrowser -prefsHandle 2760 -prefMapHandle 2756 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34993b6c-3956-4839-9c6e-087d6b487bcb} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 2772 e60658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.4.1323902290\809435759" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3664 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6918f36-c39b-4c90-8bf7-e32980d80513} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3680 1e50df58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.6.962412667\1126593665" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2cb2653-f997-4b9e-824e-2f3ffe278d46} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3940 1e50d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.5.1752679116\1443318957" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {354ef22f-26dd-4147-94e0-0d06b97b7e2d} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3776 1e50b558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1608 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.7.668561462\896308792" -childID 6 -isForBrowser -prefsHandle 4272 -prefMapHandle 4268 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c273e2d8-dc14-49d6-bf6c-9512f6ae33c7} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4284 21322a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.8.1706501211\1766572828" -childID 7 -isForBrowser -prefsHandle 4268 -prefMapHandle 4312 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbe0d33d-2a9e-4e60-9773-816de430caf0} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4384 22255e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.9.1067057067\1962635460" -childID 8 -isForBrowser -prefsHandle 4564 -prefMapHandle 4568 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f36cd869-8510-4366-b80c-066e807b490c} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4552 22258858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.10.1343322824\880316652" -parentBuildID 20221007134813 -prefsHandle 4480 -prefMapHandle 4588 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f57a906-8c40-45be-8c76-8cc918caadf0} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4728 22775c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.11.1868462404\1207375301" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {051c68e5-0ef9-49a1-9861-e252a1abee37} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4936 21324258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.12.1416845930\527151723" -childID 9 -isForBrowser -prefsHandle 3516 -prefMapHandle 3504 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a19299-b63a-41e3-b3ce-93f11395af0c} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5200 1ff29358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4288 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1284,i,12548267566802762294,13149686002822756227,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4d8904bc-69bd-4a25-867e-d3823a8a1613.tmp

MD5 5354fca4de1910f536bec5afa45c984c
SHA1 77696d3cbc6b93ea2fcab03553e8f65171baae05
SHA256 9d084bf5a5116a22edb9e7501a78ccdc598ec09ed5fd55005a99215c87245cdd
SHA512 ea0eb5e1f1776dc02588afb61c15e772fbfa0bf0e47f3d6244839df972a7bcc5fbbdd0c0e313aec3acc68071e8a226ca55d776d24494f856ca3ab98fe7ca5822

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 0f32450861e382e9d8c43daf3bf341a3
SHA1 018efe5b7c1318773d8c6532e0d0492404304bf7
SHA256 7b59ae2d6b5e5c75f83b10b5352ecc4f2e508fdf09537e05b61f89c39b873cdb
SHA512 289648f47d7513cd8a08db9f86a0cc8b09b00f3fb31c588260d945ade83b50b47800f233279f37a5817ed122d82c9a5aabe6b5d4123e41538729b71185737bed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 ce017f9a462b214598474f8583cf29c5
SHA1 742eabb5bbfe766fbb7870d7ad7b6f60f3e4606f
SHA256 646fad4660b59c9b795de2479ca4aded2aac71b9fd2c35913789ce4a7a161d39
SHA512 62e21de8acd0e7cfcd7ad685bf83e25e801ad3ecb62ec534aae7c17dd954971eb4a9c4224ba0da1f5a5df6279702778bcedd7bedba1affdb30c4fc4ed906da61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 0ba581a9da693aca64662015cf047e9f
SHA1 b8d015c885700d6eaaddcc4b7172c60444ab85a3
SHA256 c6eb532fe615c98693c75aeff7b00d988e00a09fd1fa21ea15b98bfb5970a71c
SHA512 7a57bbeb3e693877e7e9f823e4f9a12cc7f8574c003d6e5f101edcb20334cd94426da5e9b327d8b29caa37f7101e69e5b4e194fff6808914228438ef534853d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 81e09c972b3b085ffc3005d351b9f9b9
SHA1 7ba4211d6beb6396a4bb68c702ee1a0ae81af68f
SHA256 7e65525060ff33f70737d0fc763328801dc60ae1830055626217347b713573a7
SHA512 ac13844477a3d7e1dd926869d3295f6fa5cac58a46b286df8418e70632423a5fc781acf7d4d5ad93d2963762b5e71f1d2e555474669f6c61fa9fddf1d14287f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 99457318ffc37fecd864b63053ab2248
SHA1 1ece03c1be21daf12c33f564d7888127aa21a5bf
SHA256 027aa85d0e50e15e0ab4264af198fe6e10ea7057b1bd728a80eaaf69bad35c77
SHA512 c70d4b08353309a4f512f4d79a4b6f48dfb0834e50ad819b539efa3491020bf10d73eca96b1fcdf9f59ed6fc52714da5044050517dd039858ded4ae6860f56f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\a90f91fe-8eda-4e9d-b128-5886dc19da59

MD5 f1b2d4cc7c4a8ac533a468df8c60db37
SHA1 a05713a2ce76bef22b582fe743d2fb59170edbc3
SHA256 27f79441a1207f5d26606236292d3f9a77a8f7706d6d21f861f59a340015c3bd
SHA512 29f14b2641aac04c872cd85283c9bb547a1b39a7086fa7c4f7c441fa9021cb26f5e7541272605c89f5541b639f90903397fb6a8edd6b8f53e7231ecbc9b9d5ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin

MD5 5da62056941fa4f4c5960a5a3611a353
SHA1 bea0328739072ca4017816200bb44744b8b95f6d
SHA256 345df0552bbf79081d022d0e0af3175249cfb97999bf8381d47084e1d7d7eeae
SHA512 4d379f17526896f7e94031cf71f7bb0acfb2944dcedfec4eb2dffd5d44d0079f307f871bdfce98e38a17decf4ebb44bd5eac6744a69ec22781370f62cd6d2f62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\6572aee7-c542-4b34-92d2-5166007e1af2

MD5 14b456ef1b927154a00d01f5dd6d409d
SHA1 9ef9d13324443df0be729d46cdf5644e0bf9c62e
SHA256 950ba6a94d3d148b14251eec6636be3ef4570f9cac8f46e2064a5a045ae43861
SHA512 65e46ca95ea051b246f14056817724e5345d290a70602363fceb69f0912df877e179c65eda8c9192f524d44b9d0dcac44c2bb2c937d2b70400c90aeea687c2f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 830182a1d1f31138df0870f94d5658fd
SHA1 6ac5574e71672a8c5e13600d8b669e8d61674047
SHA256 89f2518b214c0fdfd7612ca69fed0244705ea6e71669ab8657b69e101a17d739
SHA512 1ad0e6566de996f732e09948d622d76f52ec6bcb3163c6f66912b8f9ccb25a8ec94b940b20a54df46d8204fa274d045bb8cf72f6abe5acbd9ba894870e4fdefa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs.js

MD5 4bbb9c2ac153f4d4e524464536e14dc9
SHA1 bc9edffd0dfcd18c373cc976ac4801fe46af02c5
SHA256 918d95df6d976cff422d8c439488356be613d743f4ecb1749951e5a3a262643f
SHA512 383ed5afaadd0f6bf30de5af2f21b2b035f084015a8968354c2620381d9784bbcb082b0bb3c3353fedc015fe3f8f773a07e84916f99ba401bfb1fe24132b3ac4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2c3c601fa89b52816f362479afa17c12
SHA1 85190113bfa3867863127400a404dbb4323a0ec6
SHA256 f89558b526c48dc9b22cdf67bd46298be9b9c620419a2007306502ae34e73f05
SHA512 24b8b338729e9717f75a291f4f000048b599ed5f75fea75d9eac245af9abbdf888dc4b5820a10a6cd2c06a8cd754d18186b00fa5a831b6359f2d33262c8ea433

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs.js

MD5 16e6def605a9c56133006d828b9e41d8
SHA1 f82075b48300e914a8c015384e8bf20f73d3706d
SHA256 05438d221f1ae64b321b2405329ebb8b80745504f0483f682baf5a46137f1fc2
SHA512 afc144503b0b07917b6a7acc284c3ce18b6c167cd94a67e2cb858d9e739500540a91d06ee061944e4cdeb50a60b5793a3d244e65ce5d53f73fd28708ae27e8f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\139\{c8454863-8fe1-4ec0-b2c5-4f0136da9a8b}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\idb\1271628142yCt7-%iCt7-%raeds7p3o.sqlite

MD5 0ffda24eef97d0aa627f7e4298eb9a88
SHA1 6e2e06c06ad2ecb357bbbdf34cb33c2bdd752550
SHA256 d66577f1f1d2234ed015d0b80f8af15848ed3cc5c3387fa3a792c72e5d771acb
SHA512 c61b61598f3e2ca346d8f3f6bdac4937c62d936ed9b1ce26aecfe7135be0271fc134117f8c40eeeae130ff57ca73bd521613da9879afab9cf44670d31260607b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76cea5.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 794a776ed0626eca857fba39ccd36acf
SHA1 9505546a9cc3c313920afe5f0a63534a2f864e93
SHA256 f94b029bf4e3fb8a244b1992b709558b9362f45b0609b90d413aa659bb3d0cd9
SHA512 4266b876fcc54eeb472a6bed838a7f9d16ca38e42cb29e2b002b5f170851e9a3df571e65e527a0233224066ca1d372ef811ef3e706e0ca58fd74567236312a68

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 333cebefed619325199ac79d068dc077
SHA1 facf147f1914672ad9e795ebdaeebc0f7a1954e0
SHA256 ba20ff9832d7c06989a40ee2e0af0fe61e215155b8bd45b6eff96f9890589d63
SHA512 855d88936794c4bf1c068828f8ce9eb756ed835f674b9c8f56b616e6fac3a10b7d3fe5ca4d94ee51f862d311d9f080d7b7532bd048f27625fc443e324798c647

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 f0f5bb21b2abf365d3c12cc71049a959
SHA1 a8c7438fa5234d438d2b8099902ec1043849bccf
SHA256 6b2d81d27008436bbf4a1665cfc156382dea62e2e0adf18184eabccbe4ba04ff
SHA512 7771470b4174b9902c18845c7bbfb3811ac8770db8dc850f0bbc3dcc9d5c96efb023a87e3e505a7ca31e95cb359117b280e3519f08494c5021c89cd5231cbba4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 05782f5820c88fd33a4e428ebb2b9a17
SHA1 9519964a901d34e09ef779b778066abcbd8acbe3
SHA256 a6cb8fc7ca79ca8e014aec8d3030b905c1e84f04e22ed3bbd1aa6bb51024b674
SHA512 8e604c1b70fc28056d1779a7ead9ab3fe890c2a8953408f6720220ae9dc828462decd4bb0c5264b7ef38b02dba2f73ef019fd93a859dcab850f9d71ee6e23f9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 782ce91d1f0e989757cafd2fc325bc7a
SHA1 fb8d30db2d3a2b5e8723bf0f8b8be070102eaee0
SHA256 d576a72c455cc0252ae2d4fb74eaff2a3f431416e7e622da7309bbb8a48fc87c
SHA512 09a6b04ecd54fb202a2cf199f96789eae65d0503cf0e888f5d81d317ba0001bed895a448dc799ebdf959e922321b3c804d5a98fd59ec505ff815ea0e68481001

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 92ab976bb41ad64baec73c445e714a02
SHA1 db9f51d2f90afdb38821483ca2515dffe97f7766
SHA256 84d9fa180c931e13171acd727e581a55a63d540e41c12400b96d54afd637e633
SHA512 9fad6e182f9248ce392fec161b6ad7bcf80739b6073322ffe6dd0dc4401664f137e647c56ae6d9f69fef6b40c347c72d2da07b21e9e7c37dd91a1ac387637104

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07e5ff6bdaf912b70736244ce009e595
SHA1 77026a5992589ed7714945286c0be08c0eb0aa81
SHA256 6ec5831cc7ced2de2a2eab7d34b23f1edeae0cfc1cc15fd07f8e258790f872bb
SHA512 569d960587a79b2da473c3dc0d4ab326ced579f4868c11fc1f32457098f2c84a53a7b5d48782f31f0df79ef01a1d1ea2408983f0f07a3103e8ec0bb1ec8cf806

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 1854bc1386c26ad8a49121fe48f04b20
SHA1 b6c1c5eef10e7ea04f5193b19c98879b8399c465
SHA256 6ff92edd58e3ffce9acf38df674ef20f9d1736b55a22d636b072f80b7642be1a
SHA512 432e82f72c26ee7051883c3f6af25d9b4b8cea3b62a459e6082fa125a3f0a520f3b22125b7d4af5d97e63c5f6c86108f59b356f096c0d6bb89b679eb57c1b238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c909d8a97f191a628f47cbaa5c81ed6
SHA1 9f01b637c04ddabbe09687f72b656a1365690e2a
SHA256 6476085e21dc3b2f97af156aeda0affb6881b4a8ce9b9ffe46e7f32fccfdeb48
SHA512 8a782934f20333847229de278cb4350201aa1416a8e8e55f7c4be6dbfc3dbea05b60d69fe99ffefcff130110cba09d095c0394304b0a7e7487141983dbf0a5f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6726c79a9bf74f77bb0a23296f68db27
SHA1 c3b5c5c74ca6b5ef407ce638013e7c0f53484049
SHA256 fb7487692d36d2644cf2ed2414762e315b34306c1504874773cfb1604aa00767
SHA512 ce9a2f00c26e31f4fafd451155732aa427bba132ae7cfc47c0729b51076d9ff74612c87bd5f8f6f2694292bc125093166bc6de1ba182af530b3f3a5910fbf58c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc23ff753522ed57b5fbfa4e60ca0acd
SHA1 712853b1e47b73121b887b954f8a5b101b4f098d
SHA256 f0be8eba12e63e39a442c4719773daf77fee2a2ab5a2725383ee7f6876d4d5a0
SHA512 14b6882330abe508b2eccd47f36f018bfcdf6521d53ab4ff6eb83946d29e2e562d62d81b747788c83019e5b0b62ea01c527ca69138cc27807b57481fe903feac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76a810e0b8f48df6a49b49c4df76555e
SHA1 43855dfceaba6a3955066ffa00cb86e654e17ef0
SHA256 8e9bf70640c02017566487f6560c6b6396e3eebc11a39b01f532fa448a1dcced
SHA512 ec312e6b60ecd2585ea3529bbe18ec041e1eff2f65f7177bdbe7ce5eb3b857d458d10122cf9e7747edbee114d006dd8c5a88e68226bdb3bbcf16062e455f9850

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6603f26f154a2dbb5b2d059707bfac2
SHA1 d83f2570b4be6507b6407e1287811ae9528b5478
SHA256 15364730657cba6614f8ae4a95ea3a7e9fd4d6a8885ec05a8761bcf66d563e8c
SHA512 36b2712837e1398832163d1f363b3be43ece1965d907d8927a67f5ec8b0742efefb873093ee03ab2b169142c309ee2c15e065704517dd2fef9616888281c5935

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6032d62429e9d6a993d9913fec4f5386
SHA1 199dae0d977f2131c0f7accf0d4c3b27af264ae1
SHA256 392305ba1f1834fad039dd4afdd1539a00b823f55c20299493f13afc72bb1a6e
SHA512 08b1cf7ab96ef1e45ef3c5dbfc78f0ede2e3390bffe2f8def37409848558a8d3cf95dc990ec72258dfd6a65dee918b7481f4f59413c92cc8d15b6fbed3f80113

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 1c37692bcb9d8fffa635f4f57318ba2c
SHA1 c45a454e635d2db69b0ff4caf08703e93fde98fb
SHA256 048883ef16063576e8e02656dcf438eca5ad34cf7cd986111b6838d06fe91e65
SHA512 65f9ad7298e5ef11808399e798cd7d1e33c5a5084f22adba6a710804a5916811f9f349ed8de35e3ba551fc5090945a09ffd9f3ed4500230f360a4d1a80a58d9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\527c446f-363f-40ba-b77f-0cd68a506b8a.tmp

MD5 c390739fadf10df4fdca5f96283af8fc
SHA1 a8d97b721ca949071af463cafad34a30edd258bf
SHA256 9cf23dbf9b3cdcdedfa19061e312a68d7a6eca477925d05bb053f9bc264925fe
SHA512 6621f6e4cd40eb243c6758e93e150d707792ba4d7a847c8f08183f967a9f44c24839ca4c4fe3ba2639821fb60a02ff2a44dab7ce8b288a1bc639f3b5513ea0ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddbe5dfb6c5f206828d88ae5a5a67b0f
SHA1 ef3b3e0512b5191a0a018521431bd37695c2c28c
SHA256 1e15bee1f6ad37d152babac37ace5c10956c338307f1b53751aa9eda62219339
SHA512 ec1fc431ba0b5e844707adf48a806c18fa12ad287ac495c5e403774e08383191b72d58a71812e1bfd86072fcdeb438e6e54e8d2f15ffe5bed71d1ce7da75c578

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 26227b1e04f7b293803f472be24f6636
SHA1 b6f2a76f9fd73325b36674b7d7b70ed3d681ec45
SHA256 70687726c6e37117970996a09f408c32c75de53c333c407e743c1acc9a0f6c22
SHA512 d49fe242b03d1303e90f485a54c8319581dcfedea0d2a94713450d8bb00db5a774aea6e33d74bf5ca3cf1bca99e8b1d25b919ffc6c8957af4a0c86dbc2b3848c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8fe7640c20c641eef825dd39744f6dd
SHA1 81bfadfbb62c922be810e4d422f1d0514c43a166
SHA256 99a81977b1e6fa6b440da7e8f150934afa99c9ab6e301beb55b9608a66bd8529
SHA512 eb61afbfbe66509652ab57168b99888bb48498a13d43e70ca87fdafb08ee0c66cf473ed0c7c7cad71337c125903f4df272b69b5912e27b2c06f3b3301cb87121

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a3c42a4730a0215f9d7f569f6b51c41
SHA1 60ce21f7bc2e80977919bdfd3e8eb33dbd2b6cfc
SHA256 cb293b9f1175d7f8a4a1be2269656f3ff1ea730652af97f0bb03cbc019b3fe5e
SHA512 e8d53850a56a6f1c53cf9b6b8df93771768475d04c25a660f41487f6730a9f42d82d3052ebd26fb0842ee1f5cab2671a24f033f8b4e37fa3c6ec45fde2fddbae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2cdf369e39a658ca49a4b7555734b9a
SHA1 32004d2f49a75087e48aabda38131101b44df761
SHA256 a94b939dedcf5b016685014c78468e94464dc535a6b0fcb0b510d2808c23e151
SHA512 5d361330a94318098b46df4816dbb44ed7a011e87fa408086a761c9285396cc7bf143c4f22f1491f4dabe14a72b4820a03fa675c5a4b5866252cc43cc3237a97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a360693b98e4c8fdcb6f3761f241501d
SHA1 49681a88d842145d900afdca14de76cdf33f06cf
SHA256 6f87992226be58255fba84e27bca9af8d726de4c053f4befafbf9e09be882c6f
SHA512 74802c0cf3773d9c23bc7aa1e5c87c7d4e663fd3c73f2c0388896172e9a08ac9c741b60bf6a68d29bc6847fb08d48f56ef16b8636eabee3dda60ff06b5f9db9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a057400ed5e03c681ece4d26c4490b72
SHA1 c0ccebd638fd28329c7c9d7ca22bb322dc49ce06
SHA256 7c13bcbc6616a103875de34b9015c688b55cbafdecb368e61a7cd5dacb56425c
SHA512 2601aac4e0ceb917fb4198992eaeebe8b58670508f212ac3bf5e6136e81b844f86bcd1eed6253b5bed1e8526ca39e90ad1c133e48eb0c554b839d8da85587e2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d81c8cc82f4c0ad54ba4bb9aa47eb690
SHA1 926066de03c106c23ea6a97b50ef6f395700ddfb
SHA256 5889e3fda79f7e37b587d8d876338b0ef07a63c43db9a66edfb1dab8f33d74a8
SHA512 d32228e407629392fbe37769e3d7b740ccedc6665281dcd2c8255f2215bb4f8d0fa544f27f53facd3bdf6186cdc761797c614738a0db2e9b0205b63c7fc4ce9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 744e2018359965a8a3e69ecbadc99ee1
SHA1 36c6c02c620c86f3104e86040d7dcd78636af949
SHA256 88e85b4af071929c4a3dc50810b1ee1ae5b8a18ad9925e039eb6f13b5576c77a
SHA512 f05eacf39be1709bde9bf308f95a57e2a5596326b34606acc41476c1f705c2c57732d3fc30f8eec1d2b30c0608e4d457a8e8104bc8c020d619d9d3aa7290bc45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0347fdcd8d2f24534dd03f098f256b2b
SHA1 8673d921e8dc32bdc820f171bb1f73dcf9ebebb6
SHA256 85c2a7cf7e9682a6e1dc525a5af20dea84637a9e8d67ba28fdddfc82af8091b3
SHA512 6003f527a16e5912ab2470634a3900cd1bb19c081abd7fa298360c6ebb073eb62fd6dc90545903c700c609957c1e80383a6ebe4552ed522e12307ff079efa4f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 530e6fd87f4553b77d56e790ae546763
SHA1 4600380edf7c4a04975f77f5c035b0b0f262cf35
SHA256 03c7069a5c092beb01702fc008a2c656753ef30b73efb6c9ae1499768076109d
SHA512 715ae3900da4e2b3651bffe83bcda408ae09208fe629a957f29e39ab1b511f700358de2bef9174997771abd7158565f9bedc104e42c1d90d8e53fa4f657d408d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7284e8a5488cdb4b57d16afe4a455f24
SHA1 f0b151efa3ae5eb4b976efd42335f7a6974b6851
SHA256 647997f01bee4d4c061b9082b2ac31d481f03252dcd6e6fec944ca5306c6e20e
SHA512 971edc84699b58991fc0bb44c318cbd938f8df4f6c04fd3c032c3f075da6b5cb8b4acfcb9ea976db4ed29698bc06698e655f54a3534106d7c20e09b5fd793af8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e26e93448ba60fb1e146c6c990c6697e
SHA1 8ecfb18af47666b7d6ef308b4e39a3fb4c777cde
SHA256 5d07d428d91b82764f74d870a416c7a93bd0bda1045d67ac8769423158a06f7f
SHA512 e44c467da6708d800033b01996fc7bbddd39956fbe97584352990e0f74efbc574319cbff41be17bfec6a0d7fdde6d3f4da0dc02d8793a9a31b8f904aa0238727

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:01

Reported

2024-02-12 05:06

Platform

win10-20231215-en

Max time kernel

299s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521879130504113" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d0957c9c705dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c6284796705dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414532010" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1312 wrote to memory of 4436 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1312 wrote to memory of 2460 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1312 wrote to memory of 4428 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1312 wrote to memory of 1840 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4388 wrote to memory of 5536 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4388 wrote to memory of 5592 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5536 wrote to memory of 5616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4388 wrote to memory of 5624 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5592 wrote to memory of 5628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4388 wrote to memory of 5644 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5624 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5644 wrote to memory of 5676 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 5688 N/A C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5688 wrote to memory of 4772 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe

"C:\Users\Admin\AppData\Local\Temp\985e0f7934e50b406b7709bb63237e99ffcabb31d8f59d59a9a1351f76a0e80c.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffa03809758,0x7ffa03809768,0x7ffa03809778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffa03809758,0x7ffa03809768,0x7ffa03809778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03809758,0x7ffa03809768,0x7ffa03809778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.0.290956169\2068546742" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1496 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5009dacf-bdb0-45f2-bba6-c43cfb0e8bce} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 1684 1e15afd6b58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1856,i,9195273466378304327,17375232309516651295,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.1.510007265\1038234563" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14d2ad54-6a68-46c0-adfe-aaa327406b81} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2164 1e15a737658 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1856,i,9195273466378304327,17375232309516651295,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1812 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3720 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1208,i,11285784782156576907,13122006822425068678,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3744 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1208,i,11285784782156576907,13122006822425068678,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.2.318493278\367268046" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a3eefe-50a7-4d70-923b-e3e21432146b} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2960 1e15af60058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.3.1437098009\1312463463" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fe5f8f1-9997-4524-86df-1d426de405bb} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2792 1e160631858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4628 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4652 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.6.1961117945\215648098" -childID 5 -isForBrowser -prefsHandle 4872 -prefMapHandle 4876 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36b9a8f-a7e1-4536-846e-1ab0438ba5e8} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4864 1e161ca8158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.5.665788452\139292192" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4680 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2594ce1-80e5-4bfe-a55e-85fa0c686f8e} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4760 1e161e72b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.4.1265220874\1501966865" -childID 3 -isForBrowser -prefsHandle 4592 -prefMapHandle 4564 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fc6260e-f325-483c-a369-6dc039e1a377} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4568 1e161e71958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.8.1310219634\247685498" -childID 7 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a35268f-cc33-4b59-93f9-327b47acd8ee} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4676 1e163384258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.7.745499420\1067938290" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 4932 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {686fcb2d-1db9-4a3b-9048-5eef8ea60493} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5264 1e162f60558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.9.755159449\134070612" -parentBuildID 20221007134813 -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d836f6-c8f1-49c2-81e1-2510cd1f4e86} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5844 1e16387f958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.10.930699634\1718882801" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5860 -prefMapHandle 5872 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d3b23aa-75a4-4af0-a0a7-79ec03236696} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5964 1e160630658 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.11.178094673\598167979" -childID 8 -isForBrowser -prefsHandle 6208 -prefMapHandle 4080 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c249339c-2c14-411c-be2c-34a994c8eeda} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5740 1e161711458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=2244,i,15753607483823957898,4287111374542485926,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6EDVPW3V\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5FF6W4S\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2EA6GBS0\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5FF6W4S\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2EA6GBS0\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2EA6GBS0\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2EA6GBS0\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5FF6W4S\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6EDVPW3V\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6EDVPW3V\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6EDVPW3V\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6EDVPW3V\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2ACR90N\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bfa7b255b0420333257f9146630ad85a
SHA1 02e3cca69dff8261480dfa02bdc4e844c8179595
SHA256 6ec7cfb93c34a5dafb4a820278b90ff90cdbcdcbd386de524417bdafd12400c3
SHA512 efa7dfc731bb9b7f59177f0aacffc4eaa44cef2bd179667ee546a3844eb86915edef6c1c96861f3843e23e144c1f4cfe529bb5bb633b9f12848c5d494ae4f798

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 5db3937cf077b350ee46fb05bc3e9eb8
SHA1 6301e28d87662202d139c052e3933dddf59f7bf4
SHA256 78d93555307d332579bcac86d394a3280597569e6691a93aaf72d1773a733f1e
SHA512 88ec2234d938c3368e7c8e7ffb619ae679471973b95f32ba6132be9b7c42d2734cb452ebc30368aa91e890acf286814a885c0dc114eab2f57a225da3d69f7de2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NGHXW2DY.cookie

MD5 bc68a029db2c304d3aec6d8b89a36540
SHA1 9057fb1b2bafcf676245a044d1b760f2441169d3
SHA256 ba8bf9cf93318b1729a0509fe6f4d57a811beb3a8e3a7ca9d5097444244ab968
SHA512 b7baa7509b3c74b67fb6dee3149cb71873a4c6205caf93a023350facc79ce01aa4d4ec57233883fafa76940c4798f9e65d15e457c976aff545e1b03e468c5c05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 de44b386d3d0fd76a324c01340fafd62
SHA1 28ce79606e732d3a57215b924b2a47b46da90773
SHA256 907a15bbcc33824a237e2d170b6a0fd92d411b2b4a1df95d58fc315becd18faa
SHA512 0d09dddbcceebbb331e372e65722c99f643b24d328fd9c6580a33d480842bb186cb1e77482d5740fcf1d23d834c6ba52f12f9cd82f9da2e1815febee84723859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1a3fb21f9b26e99f31a1254b691a3346
SHA1 ce2fe93f7695d16b8cc5290fddfa8354f1f96359
SHA256 940a9bad619ba925f3ff9e003a7227cacb21d76063abd9404535b3ccda1971d4
SHA512 b0f4df72b4c4533aabff59bec728afd8f5d3c7a7b3e065462db2b81c766e71ef5feadb9c79bf602f4026e6336cdfdda1b6fce8b5cc181814dfd1e5a875ee2b72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7941f05bb893f462f101cb97d899ab77
SHA1 e995c1b200892e166132b42e8371bedec7013655
SHA256 6e41f6ec3438272af64a77494c9664257c15587af9517899a530fe6e8ad784f2
SHA512 e01fab173c9e90db1bc74234ec16a72d74f9fff3cd9c14764cf3ae022a53b5f443c4fde49902e9e194f2b978502cd1d1bc0a4cf83544909adacaa13b000cf071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\1a6d0df6-2d45-45b8-af44-2db44e9db847

MD5 0be86a674217fd5a6c76d4c9db61b7a0
SHA1 323adf5b1f14b84916eacc2e16efbcaeefa458e5
SHA256 8096aee2d0e25b8281b60608e4059fe37e681b2cece954e10a32b216b93e2ed5
SHA512 8a1d32f53eda29287857e243740f2a98e17b73ee7c4492e5d480da4424bc1e8084340d6bb98bb0cb98db95b88f37a49db3795b511035888b0dd0e065d3048a4d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\a2d3741d-e52b-4917-bc57-afda77ea826f

MD5 23b8cd9479662882def66b4bc1981449
SHA1 ab5f6c9c5578ca8e40bba6fa0082841882d182cf
SHA256 36143504b458d967d6f05f7b088f8201545f4d931f5abe5813f2c963f82c9122
SHA512 a65012f4b4810564898e7e061f73248758edfbb9b8600f7b434ce13cac9e8ae056a816580986b5d5dd8ecf024eddc67c9fae7d26f959239a2ac90096dda10628

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\db\data.safe.bin

MD5 4c12dae01553736eb37c892a7bb66bb7
SHA1 146242b6f22d159a0a0d11d514d687e01ad1fa18
SHA256 2a91c1e9f1ea6e4756ad3daa5eb74cf23a48c1f926def48e1eeb159984365836
SHA512 17a04ac83c1ed3a5f4cf136ce165440434e81cd7954b723f1db5d1b5fd0734efee712fb4e548ee36c72fde09b87d4a19ed7dac53c4d10b001ef4d639f810785e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 dfd4e5c837d1cd30eff7bb5fe4ed60b6
SHA1 731e7b6ec24292803396c494bc3598e308b7b2c4
SHA256 36fd09c0460d9ab944d4cb106e5de2678cbf22731473c6757176d9a59794d399
SHA512 f2e54bec771d1e4a77979097c921662e0dd7d3784418daaaae338c00b09a362e9dcde62b3de0a864e3dbb8bbc15d0aa731c32ff40c03730db865e7d838bbdbe5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs.js

MD5 c358dcbd9da5d96ec5769093d49a7402
SHA1 a084d9e3e5efac787af9667d69a26749f88ebbc4
SHA256 2622aa5e94c739f2c208fdbd1818541bcccf9232672ad5a8b18aec87749d07a4
SHA512 12b514627ae7083cac4be1805f3460b4e1e88235e53ca2aa0e17f22006fb4b98fab56c627b7ab78bf44412ad83d95fc6aad0442ea41cceba5f7ea9055eff8bcd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

MD5 298f1eead42c704c1d19205080970546
SHA1 b2e260dc01f4047fb8df37eb108819f7bc724dd2
SHA256 480c57dc278b530b12ac2bc7d3e93a757af89fae571a314fb0acf0c1157c03b2
SHA512 afc385b82128fdd23508a7dbc9141613494bbf6f8456b098da4c228a8524e2a4fe9d68010f5bd7cd7c78db757c14e32613fe4b9016113cf137140f209dae4be8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

MD5 9430aef3d227795b37b4ab7fc453506a
SHA1 cf43ebf27ba3a5fa496fae896c488ef5d3092967
SHA256 e41bcfd255d775f43aa867c1e9a0797049923bbe1833281a842f0a9dfa14442d
SHA512 8a60206305e9f3d11475cfca5fe40c65b289431dcda172c6d08eea22afe5c68558799b9315882ec56af447888f6ac43a4a82fcda92bf7af52dbbf3b8974ed578

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 89c2a38647ad3926bbb5d2baf74ac84f
SHA1 a950ca0fa7ffb5e1ef3108cdfbcd2cc0cd311f5e
SHA256 cad634fc33b55f53403c1cdea27776aa1b972aa6a68daa392d4bbaaf7c88fb72
SHA512 bc7ab30e8e46fc57511009e0bd1769a56dff0bd68e52bfe6373fcfdccad878e7e4060f147e76b286ef2cf764c0b29c3a1f7a783d4a7ccf91abcd5fc7e4fb5e3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78a32dff34c4d6c7122973f6258f6545
SHA1 810ffc682c55c44e950875793ec5abeba2e02a1d
SHA256 eb5c89af4244ed208738f88f420c3b12d02a6289126df2bd43557a43c64db763
SHA512 8701f82daa06a82c8c8a92f65483ad6546e6a715f6962e9e918ed7ffa21ebdc78e9617490a7c0e6c8add9fa1b22423d644e0ca69bbf489cb21dd67fa3ee5a996

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b21a3b2f8773bb68f0f0bdaa420ed808
SHA1 626fb243d4c82e9723b59768be2299ccdd418e99
SHA256 9759aba9b9e205fa2b99cd1ad6192be1ffae8416dea85f92657eaee48870ad32
SHA512 42a2fc328c25c8b5801489d234d57ef4dd9086ce5803758304312d69f789222842c146da91177787c2268446fdae0cfd417dc3b3c553fe06d0353b30667bb61d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7MP3NYDO\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a00debf37d83e453e506ae0114d80239
SHA1 f7cb31592e8d3b1c777d6141cdff2c910fb483f8
SHA256 5c906a92014d179c8f794aa3e1d10d5c0d06b1e0210015ade4c5cd9a89a6ba8e
SHA512 30d7358029a453377cc5a5a68981818dc4f25c457a108371629bf5452904af7427bb42cbf4e78624df71a5233fd660221f57f0de2bdb987e9255afd37429aa9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 f6184bafee4be4e0179664a6696289bd
SHA1 5132c2d40587621f20faedd954aba04db32dacec
SHA256 c2c037e92cce291e16693a597a77733b8e2121a02b4394ea9326654d1d76a83f
SHA512 d1fdf95816dae49ff7178f68f92c3e94aec5b6d0e96f300f1763262674e888b4b83950f051471cd41c7974d4c7100e9439be13ddc057a0605da86f88c3f68d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 8dba1030059c0a051491a85bccad695e
SHA1 1c19373c7dc5c388b26884b9146095e44070bea9
SHA256 5de42bda76cb9cc03487866621cb78532ca595b367489a8f9b392ed0812f0ddf
SHA512 26ed74980321134cfe68c3eec3232d3f01b162d5f1b074ce669a966b453c5885775015cd41a6a89fed9179c67ac9dd644c6b263da0231bdcb61a5708632f60f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 e2175cc2ba741482e8db4223ac827364
SHA1 2a400f429045f34db9f6136c4403592105ff0531
SHA256 0844dc81e0e09409c6d04c2b2c5c5198398d977630593a0150ad2a1fa442f8ab
SHA512 ffa838cca12287e132584832ab96af96bf086a4b35c31ba1e70bc4696cf4528b9819adc3b949c3dad77ac09a211e8d0cb867870019496b34b30f5139390d1fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 e0cfc86d6fee1e4fcb2ca7b79a374092
SHA1 1c441e7210b4534b6523724b2c1134e6f8cf274b
SHA256 07d7adc683a9590cf6582cce94e0425d43a44590adb22f9fd9de54a792ae8562
SHA512 9f10d004710526accc20988a118ad9a48b736122a74cc2f18f55bdca45bf631724dc3a582b0e7c9f823f9725870a9078e80ed0be5b3cc7a629ff980c9cb01d0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 a7d020971edee484ea885fc4616e9b94
SHA1 8886c765643c22961bac6d7b2c3c8ecc81b06bb2
SHA256 b883ef00d35c211c6e80e81e27765a3a13cdc958461edb8c2c04841a8a6a44c5
SHA512 57532c64e20bd6e59771a201e5c35d821092813d6838b13752ea2f85fdcbe02cd22b2d318a4aa0f154e1490f89d6f7e5d20adf7211829c1e052fd5d7ffeb5972

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 56e3e875b29a0cae43b48737728bac29
SHA1 0a5a802c85eed15d048686b009b1182301cccef5
SHA256 71e4d8c5202caf26873b23c9e42e307a159ebf5c6f100359f76c1e31ae3124d3
SHA512 8fe62dd500fbc102c77051381916276548c941e9bcf71c5aa7f098eb2d99253b14cdd086bbcc02029b8e17cc706deaa5f796108cd4cb5f6dfa43ca2df9425790

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\default\https+++www.youtube.com\cache\morgue\139\{7c81950a-e5ab-442a-a33a-c28be7c1988b}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 3996087854deb58bce448589d3e48050
SHA1 fc58748309652eebbc7caf9926263a86abc90c33
SHA256 705dc3ac367ccba0399c7f6f5dd8dd0ec20ef0a83a4833e1fc2b37d7093fae34
SHA512 80d1351a99d86ab89e81524f30c01e9b5fc1d4b0eccb2f7549bf05e1a3495e01a5f85bed8d8cb00fe88a8628eb07c30d04c45bd5b204ca3afc25d31aed5998e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 b4e7b0611be0c72ef9f8d8cfb44648e5
SHA1 25919b50f907e6c2271531ca36d39c967ac52260
SHA256 2333ed572e03337e2094f3b107d0238edaac090a39ba8e225c5702d7b82795e4
SHA512 20624022fe7bce39aa3354778da856d50197f3e7242b788de51002655e37d3b369185359c9ca47acd1aaff707786ceedada21893b30161fcd0c75d9afff5f8e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 8cfdf88db90ff471a5cd8afd104ad2da
SHA1 d94aa61612b550a34a2838b9980511b95d63bedc
SHA256 240b24115757561090d8514cae0c5f01fea4de27b1e3c3aca254d87661abb5f6
SHA512 f4485d545c2017b9dacaeb2a15cd0c91f1c0d53883e9bcc2f622a3ecf26acd12b13ad541780fa6678e150784640875ff22c42a929bc95329b7c7effe676e17f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\default\https+++www.youtube.com\idb\1460898964yCt7-%iCt7-%r9ecscpao.sqlite

MD5 9c66aa54b2a6cdb063d018d6c3d09ea4
SHA1 423c143e3291dc468a2dcf291f6d31be048aaf14
SHA256 ca42dc2f8282ba89269534120ed4104881ede786b8c6a75e7f5cf4fe4484992f
SHA512 ad56d44cbc80bbe8532ae8dc8b00f92633178b5060092b64fa981a6fcae349fb398aaddacf41b2dd589d260f6f8da38cedf38119af4480ecd3a9e9864ac84ebb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 564dcd1168ebf4e80d0778fc98523216
SHA1 93c5d3b2353fc1cce428d44083d5cc0f3518fc3f
SHA256 23194dba606cafff7505682555e42916a8e91bd5b8c8fef11c93352f4c5bb814
SHA512 037e1dec682f041aed675eeadc421970bf35c4cce65ab3367ebf8d63cfebb9a97c6b4b0aff3eb91a9346ec28708615b335a82d94643f09fc96408400b86ee6db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582a47.TMP

MD5 a60d73e8a4e7f45d67ab8cd03ecc3053
SHA1 b53ba27917b718566e93e69231114dfe54492092
SHA256 5471cfbf8b192ae7424d1b885f1ad5c8afce108894224ce93ed5c01dcc923ce5
SHA512 21561a8b1f94f7dd848eb7a4e990c177551287dbd531adb73f694e723097429395ffddb130ea901750a642cceedbfd51101a9096fabdb4756412434f5cfc0e91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b4674162bde4b9d1f34aa187dd6a7d3c
SHA1 6debd389e0f2fb98c8daa6690392a6819494300b
SHA256 f2bce2b5f8f400549406daf9ee46f50dd6c059f7c8dbe5e9a5721f543dd17390
SHA512 aadd6f856bd3bb22b61c373f9019bea22d8e8394988a337e80fd13d88b11383f95f99bd67569aaad1e0b9d2aea806d47228cfb2f32073be0b78d319f85792ea6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4d7f3641ba4713094197b3eca5213165
SHA1 eb8eae4fb7c3bea493d5e8e5858f21a01403d574
SHA256 f9c84770fc831cfb0d15acae81c4059f478720031428cb142192d01e179f5a8f
SHA512 553ac17961744d4c296e40b2e19dcedf5058e5b0c2237771b45081a91723f59cb2365e7e7b791a0fb6bc401e84fadac964fa934a846d21f386adcac8f4b46857

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bcbe77f5d9ac86f30d84410bbc26b38b
SHA1 b4ab4bf399aa4590351c90d95412c7ab944fd3ec
SHA256 ed30f0edfc66adb5b36c21088b18ecce0d8db9608ea0cc8ea3082fd930d478d6
SHA512 e4316b655db483eeb57a789e41ab785161c613b8cd606bf74f1837a75a7e8f6f0865bf5062071a1665a84d51560fa115b4399f409a214b0624bede6207cf44f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{a62aa73d-0963-4264-b995-2f89dfb5a37a}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\default\https+++www.youtube.com\cache\morgue\69\{f5dd5742-6a86-48b7-b036-22ae3e9e3245}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

MD5 6a359d980ee21756aa65faad3cc47bff
SHA1 4c229bec41b0ca446b5df07b4094e0802465e99a
SHA256 5793fa68c329e39e59dc29d3fb5d626ee881cbc9fb7e3f408d59cc722bda356e
SHA512 ae1167836d1b8f49564d809aa4e95409c26976312fc2b5bb3b221704966cb539070dbe25a5d1b48cd929ef98a5c3b66d49892a6e19beccc24f795bfc9fe60962

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 906a639de05b064bd8f378f6c8927e70
SHA1 8723a8354c66910caa24abf54b78a2b36867c97b
SHA256 2202adecb4392e944be3c93c8caaf356f241295dc17198de0dcde6aa4d575afe
SHA512 66a00670249e94b1dee3b8f1e93e1086a9b2cd028b1520f4f3d24c7504ffa84f9d0e7e9a6bf161c1ee4f335346d8a4dc44a5208bc76e20a85defcae0a9cbeaa0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9f9025b815a10a15852da1a4001e1013
SHA1 5e39fa7cfe935d605a63e9397fe7e1b2cf5f6200
SHA256 526445f4a1d9e983ee0e5091207ec13268f56310dcb95e88d8d56a94d907067f
SHA512 646102da5878ebeba041cdb0b72998d31044b78963ea1336c34edea5a922742241b610c5cff9f58ac9566af0738588586d9116ef5aab4761aafc83a08075ad36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5878b5.TMP

MD5 2f6b3a03ea8ebe416ded353ced2cf15b
SHA1 416ca8f3452e32d5781773bccf1cca9c900d2e7d
SHA256 64616f688c2ecaca1474d8ba2774c04896177569c3d0c6df4faca04ff2cd17c5
SHA512 065f39b477abedc4de5d64af2ed2bbc4fdf97c4bdbdc81cc606b095df5732044e54427ce18778025d20f9e5e761a170bee091f34fa3aff1ab591f9091ee572b1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1CER50PQ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

MD5 fb802dc1dbfba8ef872c669ed464a436
SHA1 5a89a47b69626318e28e4c9696be62a9c313abd1
SHA256 ab69939fdf68c8f9e57c6fdac15584a000ac39e3162a57b91d44c5a9499db8d5
SHA512 3a30d7b1257ec921df6fe97bde20374b263dfc69107a0bfb48a675b217047a8a980d3ee1a473c8762eed8b09688ce9b61e2a28e5b07b87db2a479a54d2168329

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
