Malware Analysis Report

2024-11-16 15:50

Sample ID 240212-fqywgacg5v
Target c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b
SHA256 c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b

Threat Level: Known bad

The file c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:05

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:05

Reported

2024-02-12 05:10

Platform

win7-20231215-en

Max time kernel

61s

Max time network

303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000006e14a0225063f45b0845bc6027ca542b9504098062e27d9ebdfe44680f047267000000000e80000000020000200000001d0570605207535006ec8031cf5cbbad923a1ea30b7d9305decd803c70b7b3d990000000b099a7d4758d7220232668b5ef9ab1481ab934d946107de6cb15e54ce4d27d48301915082ee718c3856c8c37d5f8ff2b45435045799435db9e512626eba9143bb4d973a629771169527366913bdc1235ca150fa218d579e5243747c9d2862f4d7e8157bd2ae0930572722b5d4346a0decd26deff6d057f2aa81596e3a1122917eb1cf221fdc26f547490dd79e2a529f340000000a710ffe04805b82efe9be6280c02ce506002b78d024c195fa207cefec5635781c3b7852c69f71a129efcb4aeaf343377d7b3f210b40f544b8d2ba40e778aec3c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{531907F1-C964-11EE-975F-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{531DCAB1-C964-11EE-975F-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2424 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2424 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2336 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2236 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2236 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2236 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2236 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2424 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2424 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2424 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2424 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2540 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1644 wrote to memory of 1056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe

"C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6219758,0x7fef6219768,0x7fef6219778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6219758,0x7fef6219768,0x7fef6219778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6219758,0x7fef6219768,0x7fef6219778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.0.2082115851\2039433873" -parentBuildID 20221007134813 -prefsHandle 1188 -prefMapHandle 1092 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7493a3-e89a-4d6a-b105-4cb47d439890} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1264 f709658 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1308,i,13916971594934227119,16015597200612309528,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1308,i,13916971594934227119,16015597200612309528,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.1.1645993177\1356178875" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4479d42c-4223-4d32-90dd-1c41c3ed9fb2} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1508 420d958 socket

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1280 --field-trial-handle=1400,i,10819728902228344837,16216208301798338309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1400,i,10819728902228344837,16216208301798338309,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2628 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2564 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.2.659613970\1049454579" -childID 1 -isForBrowser -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {394603d0-5d85-4b4d-87ef-167df1509aa3} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 2392 1055e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.3.557246172\1102971795" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb018916-2591-4628-a6c1-10725f3aab40} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 2836 1d574c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.4.189560883\1366671864" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3736 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c898ae8-39f5-49bf-a5c9-48f836f4b370} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 3752 1fe93e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3140 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3560 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.6.7876548\314357859" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec76431-eec9-48db-9894-587c7ee42501} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 4056 20c40958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.5.708752569\462702139" -childID 4 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efc18af8-71ad-4bb9-8bbf-6b81daf6f72e} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 3844 e64158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.7.1989772997\862654565" -childID 6 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {060321b9-668c-445b-8a5a-98a3b55f5094} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 4412 e72b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.8.1180697897\1846494398" -childID 7 -isForBrowser -prefsHandle 4512 -prefMapHandle 4516 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bbc1136-cfe7-4c42-adc0-5721caa0cfc0} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 4608 18c3d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.9.1762031306\679881295" -childID 8 -isForBrowser -prefsHandle 4428 -prefMapHandle 4500 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99ea5e43-1c57-46f9-b03b-a7d55b498492} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 4624 18c3d358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.10.311954137\145900164" -parentBuildID 20221007134813 -prefsHandle 1940 -prefMapHandle 3480 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58198991-47b2-4e33-9795-9d4b28ff09c4} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 2056 1fd77b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.11.466058540\40109382" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4572 -prefMapHandle 4580 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92040c4-2b9c-4d5b-a0c3-ebc26d6d92d2} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1940 1fe90b58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4292 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.12.738516856\366738803" -childID 9 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2864446e-64bb-4e77-9a3b-9ff9a38f6d92} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 5068 17a52158 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x574

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1268,i,11532825506238301712,1852311123027709982,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
N/A 127.0.0.1:50127 tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 142.250.200.14:443 www.youtube.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-hgn7rn7y.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-hgn7rn7y.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
N/A 127.0.0.1:50211 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
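
Triage note and added example (not part of the original report). Every name in the table above is a Google, YouTube, Facebook, LinkedIn, Mozilla, Microsoft, Akamai or Cisco endpoint, which is consistent with the sandbox browsers rendering a Google-branded credential-phishing page and then doing their own update, Safe Browsing and telemetry traffic. DNS resolution goes to 8.8.8.8, the 443/udp rows are QUIC sessions next to the 443/tcp rows rather than a second service, and the only plaintext HTTP is the ciscobinary.openh264.org fetch on port 80 (Firefox's OpenH264 plugin download). None of these are attacker infrastructure, so they are not useful as network indicators on their own and should not go into a denylist as-is. The script below parses rows in the table's own layout, separates resolver, loopback/multicast and QUIC traffic, flags plaintext HTTP, and reports any name not covered by a vendor allow-list. The allow-list and the row subset are assumptions chosen for this report; the rows are copied from the table.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# Rows copied verbatim from the Network table in this report (a representative
# subset, embedded so the script runs offline). "N/A" rows carry no domain.
SAMPLE_ROWS = """\
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
N/A 127.0.0.1:50127 tcp
N/A 224.0.0.251:5353 udp
"""

# Assumption: apex domains that account for every name in this report's table.
# An editorial triage allow-list for this detonation, not a general safety claim.
KNOWN_APEXES = (
    "google.com", "googleapis.com", "googlevideo.com", "gvt1.com", "gvt2.com",
    "ytimg.com", "youtube.com", "facebook.com", "fbcdn.net", "fbsbx.com",
    "linkedin.com", "licdn.com", "mozilla.com", "mozilla.net", "mozilla.org",
    "mozaws.net", "mozgcp.net", "microsoft.com", "akamai.net", "openh264.org",
)

# "Country Destination Domain Proto"; the Domain column may be absent.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


class Conn(NamedTuple):
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_table(text: str) -> list[Conn]:
    """Parse table rows; a malformed row is an error, not silently skipped."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        conns.append(Conn(m["country"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return conns


def is_known(domain: Optional[str]) -> bool:
    """True when the name is an allow-listed apex or a subdomain of one."""
    return domain is not None and any(
        domain == apex or domain.endswith("." + apex) for apex in KNOWN_APEXES
    )


def triage(conns: list[Conn]) -> dict:
    """Bucket rows so only the unexplained names need an analyst's attention."""
    out = {
        "dns_queries": Counter(),       # names resolved via the 53/udp rows
        "by_domain": defaultdict(set),  # name -> {(ip, port, proto)}
        "quic": 0,                      # 443/udp rows: HTTP/3, same services
        "plaintext_http": [],           # port 80 rows, worth a look even from a vendor
        "local": [],                    # loopback and multicast, sandbox noise
        "unexplained": [],              # names outside KNOWN_APEXES
    }
    for c in conns:
        addr = ipaddress.ip_address(c.ip)
        if addr.is_loopback or addr.is_multicast:
            out["local"].append(f"{c.ip}:{c.port}/{c.proto}")
            continue
        if c.port == 53 and c.proto == "udp":
            out["dns_queries"][c.domain] += 1
            continue
        out["by_domain"][c.domain or c.ip].add((c.ip, c.port, c.proto))
        if c.port == 443 and c.proto == "udp":
            out["quic"] += 1
        if c.port == 80:
            out["plaintext_http"].append(c.domain or c.ip)
        if not is_known(c.domain):
            out["unexplained"].append(c.domain or c.ip)
    return out


if __name__ == "__main__":
    summary = triage(parse_table(SAMPLE_ROWS))
    for name, endpoints in sorted(summary["by_domain"].items()):
        print(f"{name}: {sorted(endpoints)}")
    print("QUIC rows:", summary["quic"])
    print("plaintext HTTP:", summary["plaintext_http"])
    print("needs review:", summary["unexplained"] or "none")
```

Run it over the full table by pasting the rows into SAMPLE_ROWS; for this report the "needs review" list stays empty, which is the point: the network activity of a phishing lure looks like a browser, and the indicator of value is the dropped page, not these destinations.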

Files

memory/2424-0-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{531DF1C1-C964-11EE-975F-42DF7B237CB2}.dat

MD5 463d6c7674a66125ab91113e4ab4aea4
SHA1 6cdea76c426c37f79a7122e2bb6d7d7db5f46d3f
SHA256 7a2dcde0d864550638144b6ef19693c12a582a6bf0908808f009b0050b3b9ef4
SHA512 3566388cc0982e37a9df25c61857e30d71be32859de338733e0009a04b218388d954bc2a67075ba8141aaaf4097a34971320effe7e87c42a471cf4514c80ba4a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{53202C11-C964-11EE-975F-42DF7B237CB2}.dat

MD5 dc352c782dece48f7928f1981dc47725
SHA1 9c68e66d168364873058038e243e318a22f60e46
SHA256 6cb47ae2a2a1fbafe11c959359bef1febb845cfccb3834594aae02a28bb135f0
SHA512 081e9f829c6864c7adef6d9dbf7e99280ac9ffc690118f7a3c278c3a066b8a2b61165722cfe1d550b10848d8dc5514bbf4d695abc95d1c31b265bfc082bcb7ff

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{531DCAB1-C964-11EE-975F-42DF7B237CB2}.dat

MD5 3aea3b788389cdc8c2446020e461046d
SHA1 772030d89c67eda1cdecde77131707cd9cb10f70
SHA256 c1e86395fd1df107033b4e56f5a2ecbaf2633dc88c550fefb5b859acbf0b9105
SHA512 45837661adeb04cf20c5fc1866daffca1b80b5e3c798cf3c8255406af6dc396508477fba7564f7e1c159140e6e82b0fea5ccb034bd4a68394c195705604b745e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{531DF1C1-C964-11EE-975F-42DF7B237CB2}.dat

MD5 7408f9922d10306639dd50d518f7a56f
SHA1 501ee6a3bd6e73829d706334b5b326655ebd33fa
SHA256 e59261518e20c76a17d6f086fccb737fc61fe48e2b98d60a5f60609bb5290894
SHA512 530a25eebd2e8b270a16ad32ec811980d8a31ef7c321af68ad98d19080cb3ea7afc00ef647ae7aabbca33273637809836011eed43b8a3f04bb0e1058fa032df7

C:\Users\Admin\AppData\Local\Temp\Cab4482.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4484.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d33bf2ee1484c55ae3b9e396e1d9c0b
SHA1 cb26d117928182dfcd806ea8ed28b4b141db8f24
SHA256 a3af152c97d50ccf4e9f0389e457e9c3d383ae11ee7ed35a082dcc81518fe0b4
SHA512 4f05104ed7d7167c97702968e4399c261edd09d4ff2943bb1ca25b2c8affc75e05cfb8eeba7c632feee4f439a338937f6b9fda9a4066f72b45624dda27d6da14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d77755568afbfdea7655da77d2b5089
SHA1 3e7b4cb67691c6b28ae1c297aa979bae0e0f219b
SHA256 488c848881b13d6e081a0369f71ee5f7e3dcefc876dfc03eb697694f1db4e865
SHA512 2b65f558f12e372624910be296ede657b407bc5cf41540980ab56f9a806038616a2efd9107a8eb0473285390ba5efa54f975a73ab11dd0fb8235c1c3877b4dd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3e2b375566e5ead7783bc742532f9867
SHA1 c2e10c9a9f85dcb26f3b2a414475954732d2a51b
SHA256 91f35303ac3866bee3a9101c22c0e28ca77d7fe07e0fce749a81a927cf278539
SHA512 5d5ba0ec76fcef22f73e6b59ad59e55e694854f2ed6024029a677aa866cf0fcae0086cebdbf4db107e55d272605c8d96f0ef5335dfc6c6beb6b0d312351d4717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f6d38556e96bdb48719f20d3648283c0
SHA1 669b2a387561e11322bfb9a3824671860512ab40
SHA256 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609
SHA512 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 23e9dcee60d1a4632d6abbb506a42164
SHA1 ee04694cbb6fbd3ff944cae163100f3d509f0e6a
SHA256 5df852a29fc650496e58c2cdab549d3bb6573f0749283f7567ec0ecdd4f09f1a
SHA512 2c9b02f7d944e81468e55a0766190501d7ca96133b1b1b7a39fa4bee08675d1887e40d8cd1861e4693de9dc44514b49fe1af1aad3856d1d316c48955f0ca7c81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efcc20ccab30a11717ea9bf94dd4e5a4
SHA1 205b9d2fae544e6ba3eb0a912ca7944cde9e704a
SHA256 1aedde05e2ce62b866242c5a161d05e9044f9151ceeb6e4a61bfaf0d4226ddf9
SHA512 e0d9a316d67167c84df0485e08374f2a95208e64323ff914456ed4601d1be840b70e53a746b733bb59255fd30f3c7131294959eacf5810e8d2a7148d9a65c53d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e74a39dd772bf26e54c53077360550dc
SHA1 7370c14538008dd0eb93a2ae4c5223fe483a3f4d
SHA256 87e48d85b7832b6b909398dd5aeb101c485a45a54902640eaf49c1dacadd191c
SHA512 44fbbbda337b6f6315a2e8ca3873aff8d624a6811514e67bfc65bba675cc5ead5921f723b86c9ebad0b372d071a8334b72bc0b6c6f670b5632d1e72c8f1e09a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 05446289450b3b5b0b8b254118648e86
SHA1 99fabcf0b04905706c70e1ea855361ba86b244dc
SHA256 0818a7ef51cfcd2a10fbfec75862a227bb942f806e2f7e4e3a8c8c9d80bc40f6
SHA512 7dfdac441f02e2688319af91aee10eb1c64ebc1e44b621eea5afa6bc87745341d1b72ef31a038495da73c2f5832c955d67e900e1c73a51b8477e506877ddc014

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 56b397041c61457640d76ee7029d5e65
SHA1 2aa7dbb620773a06db30fbbb9a585834247791b3
SHA256 f2c2d6e2dbba4e2dbe94b24a9842ee8fb83ad33de506a0804eccf95f68b01929
SHA512 51ab448aa594440de2478d3a177a04108244e5b8b4786fc78ffdef5f152653bb074823d5f156dd141f540af13d9382e69ff755f8eabf46fe381b7f8f989998a7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 b07db9cc2874b62a55544ed685b02e5c
SHA1 ebbb80a0f3edfe31419ba7f12c3bc4b724362ade
SHA256 db2d2089fb4bad2fb86da57bec86060480179900d410bf470e31f85133fe4ae1
SHA512 edcfc5673cdbb20592a89fde2635a5c6c0470434be68191ea310703c9a42c682ecb06e409d7f927e5c9a4c39da751b5fb83207960caf4b415f8f1622d5f9b273

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2ZZSV4KI\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 718276703bbea57470125a093c8349f2
SHA1 0a9d9591c4d1aeb10a4c9923cf3d2e6feae33d06
SHA256 420425222b0077db4682430f5800bcd72347b3885599933b1be5aded3bf28e10
SHA512 efdfff6e1aa766e24c43f8e4ae0fda69f4a6b280fa0f9de748bfa180a4b12e0ff5cc6432e2eb4850aefdf2f0489ad36c32920f86de986fe5546d7b134f1a220f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3RPYUN\favicon[1].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6F8M26U4.txt

MD5 29d905de5b3926222aea74f7d4d42678
SHA1 9df596c4c37acfd3046e43c2f2a185701a25c0c1
SHA256 59a3b2797fdf6d195e3982f92adba111dbceaae9c181bdd3da634993891abd4e
SHA512 4af3337d4856c7386315c45f50e9250b2bdac2ed203ad632dc072fe10a098526e3b37270d2dd86ec9dc701d7d62aae994e6b8066adaf009c2164287b033aa9a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 3c654adbff9b8876e1cec0ed3319be9a
SHA1 d054814ce53136437f830380fc8e0cf0d43c77ae
SHA256 2f571178e485f6cbd9faefac74bf27fd62c5319df0133db53f9e6d207978fec4
SHA512 c6ab326017ce57dc9415e7a04ad728ff1f304e83feaabaddae5d92844bdac1be94642c8dca1c5391551d586a50a0ddb8a60eb5b4abbaa66009bdadc13b53a28b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25a01508da2c5f82eae3b04ddd933fd2
SHA1 b992c224da4061fdfb09cfbf6f060407b69af5cd
SHA256 837f3cb9d9c4b93a54bf875f2e91d87a22d79d310867097ab23e5eaa5342b32a
SHA512 3b25c80faf1d5bcb6b31b2065b82f8b03d86c6136d7c49fc553cc72399af9ec2b436c662bd27267c2de3f31f875f573a433f0d6c2f71baeca5af857baf589b2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76b11169c66a2477e67c899aece2d47d
SHA1 27552fec9638fa6524080b58fa1b49d3ed9f203a
SHA256 d8931fa22bb1c7b0033c205dc96c498d67d528d02a33732f6f4dae38eaf9fe52
SHA512 072fa92a6374209ca994e50da92b42b4fe07a2f6b4e131ca4f1d117393accba232d659e1c5c818bb5b347f4fb54d9b909dcc8a36aa11e4bdab836545ca072c2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf9b662c5c9ea32f3218f73bc35fbf3f
SHA1 ec198a43e5890fbc02b41750f01f0d5776f30549
SHA256 bdede0dd66114916260f99974a321bb33b15d96fc54dbb5d85e8e29cc247dc45
SHA512 c24ea3f4437ce5876fbcf2c2f4f6f5ce6cadcaad75ff37e0dcd9d9c7312c20457791ecac7c95a16f5f75c1224571db898fad6e5a1aba211e30d30e799511bdc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8042240a94acedad5bdc3bda52b93ecd
SHA1 4ad3601d9b424692e4283129c22a1654100f74f9
SHA256 1a85253f4f8fb817265598ecdee3836ba13d443c2852ef8e7c0177bf4b5c32e0
SHA512 9b4e85cde47e212c949e8335d8a9ba53254fd805381fb9f25989116a120dc6346c672c8cd35e502e44b9b37f3585df0ed0a86e472ba59fc093de0f126df5d283

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 981b3d6e21a9a0c0315336f73432cb7b
SHA1 b5b43217603cf5de8b086450ca60fa1134b4aa37
SHA256 94b196853aac5cf349b2df01a9e57499c3f38c98f471405104db29aa6d1a8c4e
SHA512 0267a484107dce46ac1896af865cd6d8af64d963949a2a8be37d937bd7d62fb80f0b77d4a09713dda8c2644edda03225b3cb372eb392f9cb1b6d8f3772e566fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d199d62bc30a762c8a1fe451becb7ac
SHA1 82dd4d42c49301513e340ee64eb08d6b98c22c93
SHA256 5712c5c4ec78915687e4ebb65bb79e528e8f43677f8026cf1a4aa45832ccca5e
SHA512 bc0c26156c5f9fe9fc6a08b186bf1d04883ea84a8736853bcbb42d83dbc3916c40b8e47a768ae4efb9cf2bc7c19ef5950f813c26344ee654f9846c48fbed9869

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7743cf22fb31192347744fb8856e4e65
SHA1 cdb73d1758367af88e9db1d31fd8990781225045
SHA256 3e029e8063f1b7e9f5428348212432e4e488dbbeedbae9ea4c8f6d99166cc6c0
SHA512 45deeb4681f7a9454a265492cb32922a6be7d111b5c605ec0155bcccb809f894445c9c9673ea94ddef797d11561eb73caccf5c88c955473b04a2c87601c45b94

memory/2424-832-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c45e0616ec7c6b20d34f0f14282f62ef
SHA1 eb2336c1ba44a8932127f515d4f9e218c5379aae
SHA256 ee6a697a8106b3fac3486f60d6e5f0e42045f873c97455f4644a5f070d029132
SHA512 30573e4fdfa88c62f6f3a30b265ed6f794ec5e86a528922d40ce273ad4c5108b56119e63eedd639f7d9c29c36e3634e3e9800a0212d569838e01d10051b666ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf769f5b.TMP

MD5 589e746ed8178f7a19d0bee5fd458182
SHA1 243471e673d859995184a6be5428f8c346151419
SHA256 abfb6fe60c3a24b00db0f15e840a096ad5d99cb9bccfd2e574fd54392ebb0d1f
SHA512 33b545bb7d856b53c649ab0448134530d27485a3155b21e205e6ad2f35fe52b2ce8d2ebcb507e02bedb81edb84ecf8d5df3d8c42665ea17aee366da448c9f0f4

\??\pipe\crashpad_2540_WWXNFNWIYPFNESDM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 457384fc1002eccecceee4338b9c4dd6
SHA1 e018c51ffffee54ba304b2f9febe47e8ce44e662
SHA256 2fd47b84266e78512a6ec9abf97165d8b7bdc2c747c67a25c5c2b4fd8196c253
SHA512 40cd92f1bf7f1ff7f948722046eec445b8743c7b2e5f43bb6727b8753fa0ee066840ab60b2df79e10c90b5a5a3b9a05f32be7038b7d5c3e03e0c4177d2648aec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:05

Reported

2024-02-12 05:10

Platform

win10-20231215-en

Max time kernel

300s

Max time network

296s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521881239845645" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414479470" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414551133" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5de8c116715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4f56e11c715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 83aea716715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4780 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1224 wrote to memory of 4536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3936 wrote to memory of 5132 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5132 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5132 wrote to memory of 5348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5132 wrote to memory of 5348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5352 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5352 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5352 wrote to memory of 5368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5352 wrote to memory of 5368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5376 wrote to memory of 5424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5376 wrote to memory of 5424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3936 wrote to memory of 5452 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3936 wrote to memory of 5452 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3936 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3936 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5452 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3936 wrote to memory of 5576 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3936 wrote to memory of 5576 N/A C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5576 wrote to memory of 5588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5576 wrote to memory of 5588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5576 wrote to memory of 5588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5576 wrote to memory of 5588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5576 wrote to memory of 5588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
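The table above needs reading with a caveat. The sandbox records a parent writing into a child it has just created as part of ordinary process start-up, which is why chrome.exe, firefox.exe and MicrosoftEdgeCP.exe all appear here writing into their own helper processes, and why the same (writer PID, target PID) pair is reported many times over. A parent-to-child row is therefore not, by itself, evidence of code injection. What a triage analyst wants from this table is the de-duplicated set of edges, which of them originate from the sample (PID 3936 writing into the chrome.exe and firefox.exe instances it starts), and whether any write crossed into a process of a different image that the writer did not spawn. The Python below is an added example, not part of the report or of the sandbox's own tooling: it parses rows in this table's layout (a constructed subset of the rows above, duplicates included, plus one row from an unrelated table that must be ignored), collapses duplicates into counted edges, and sorts them into self-spawn, sample-launch and cross-image buckets. The bucket names and the row() helper are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Image paths as they appear in the report above.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe")
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
EDGE_CP = r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"

def row(src, dst, src_image, dst_image):
    # Same row layout as the "Suspicious use of WriteProcessMemory" table:
    # Description, Indicator (N/A), Process, Target.
    return f"PID {src} wrote to memory of {dst} N/A {src_image} {dst_image}"

# Constructed input: a subset of the table rows above, including the duplicate
# rows the sandbox emits, plus one row from a different table that must be ignored.
REPORT_ROWS = "\n".join([
    row(1224, 4532, EDGE_CP, EDGE_CP),
    row(1224, 4532, EDGE_CP, EDGE_CP),
    row(1224, 4780, EDGE_CP, EDGE_CP),
    row(3936, 5132, SAMPLE, CHROME),
    row(3936, 5132, SAMPLE, CHROME),
    row(5132, 5348, CHROME, CHROME),
    row(3936, 5452, SAMPLE, FIREFOX),
    row(5452, 5536, FIREFOX, FIREFOX),
    row(5452, 5536, FIREFOX, FIREFOX),
    row(5452, 5536, FIREFOX, FIREFOX),
    f"N/A N/A {SAMPLE} N/A",
])

# Paths contain spaces, so split on the fixed wording and on the ".exe " boundary
# between the two image columns rather than on whitespace.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_image>.+?\.exe) (?P<dst_image>.+?\.exe)$"
)

def parse_rows(text):
    """Collapse duplicate rows into one edge per (writer PID, target PID) with a row count."""
    edges = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["src"]), int(m["dst"]))
        if key in edges:
            edges[key]["count"] += 1
        else:
            edges[key] = {"src_image": m["src_image"],
                          "dst_image": m["dst_image"], "count": 1}
    return edges

def classify(src_image, dst_image, sample_image):
    """Triage bucket for one edge; Windows paths compare case-insensitively."""
    if src_image.lower() == dst_image.lower():
        return "self-spawn"     # browser/Edge multi-process model: a parent sets up its own child
    if src_image.lower() == sample_image.lower():
        return "sample-launch"  # the sample set up a child of a different image
    return "cross-image"        # anything else deserves a closer look

def children_of(edges, pid):
    """Target PIDs the given PID wrote to, i.e. its children as far as this table shows."""
    return sorted(dst for (src, dst) in edges if src == pid)

def summarize(text, sample_image):
    """Group de-duplicated edges by bucket as (src, dst, child image name, row count)."""
    buckets = defaultdict(list)
    for (src, dst), e in parse_rows(text).items():
        bucket = classify(e["src_image"], e["dst_image"], sample_image)
        buckets[bucket].append((src, dst, ntpath.basename(e["dst_image"]), e["count"]))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in summarize(REPORT_ROWS, SAMPLE).items():
        print(bucket)
        for src, dst, child, n in items:
            print(f"  {src} -> {dst} ({child}, {n} rows)")
```

On the rows above this collapses 64 table rows into a handful of edges, all of them self-spawn or sample-launch; an entry in the cross-image bucket (for example the sample writing into an already running browser it did not start) would be the signal worth chasing.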

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe

"C:\Users\Admin\AppData\Local\Temp\c95f625c3fc3ebd26d0f3d7503b38e49c2da49594188a656ffe28e5ef55e640b.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb57929758,0x7ffb57929768,0x7ffb57929778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb57929758,0x7ffb57929768,0x7ffb57929778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffb57929758,0x7ffb57929768,0x7ffb57929778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.0.517064313\1268821802" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9d4a340-6d6d-44c2-9e1d-ec1669eb67fc} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 1780 25fd2ed8b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.1.492193221\778422297" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37caecf-a0de-441b-a846-b6f5a5cddc5a} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 2144 25fc0be5158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.2.470120682\584087946" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2880 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {937647d3-97ca-4f98-8a77-34a07c3e9f8b} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 3084 25fd6cf3858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1848 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1856,i,1386978948896165956,5426713301247998465,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1856,i,11956228949179197216,13272891301295928856,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1856,i,11956228949179197216,13272891301295928856,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3928 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3792 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1856,i,1386978948896165956,5426713301247998465,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.3.1715938277\1330054076" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3538bf1a-32d1-453f-bb0e-28820c2c8016} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 3516 25fd8206b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4724 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4880 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5108 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.4.2114926095\1199215387" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3504 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3691cf2-7050-4df0-b7a3-04f8967716c1} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 4184 25fc0b67558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.5.2124721089\982309612" -childID 4 -isForBrowser -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d7ad00e-8fab-4550-bcdc-cff8cda8f89d} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 4736 25fd95fca58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x418

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.6.619642000\894545455" -childID 5 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6966b335-5b7c-40d8-a1e5-106f66344523} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 3156 25fc0b66b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.8.842658577\1964052989" -childID 7 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e1bcd8-f409-4572-92d1-d0d0c0150a02} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 5388 25fd561aa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.7.1134505474\1670443495" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5252 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29d3bee-4e3a-4f5e-ac29-9136f7b7f64f} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 5248 25fc0be4e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.9.1598953170\1583104578" -parentBuildID 20221007134813 -prefsHandle 3688 -prefMapHandle 4320 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90c457d-5379-4f69-b34b-d1c11557fb97} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 1540 25fd2ed6458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.10.1204428053\1162700321" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5820 -prefMapHandle 5812 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb5ed96-f08a-4768-b21c-3d911d74392e} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 5824 25fd9205658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5536.11.1247802378\1984056008" -childID 8 -isForBrowser -prefsHandle 6040 -prefMapHandle 6036 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdaec6f2-15d4-4ad9-8e95-25cb3efac690} 5536 "\\.\pipe\gecko-crash-server-pipe.5536" 6052 25fd9b05358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3212 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1880,i,795315878775076300,8771218519928430171,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-q4fl6nd7.googlevideo.com udp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-q4fl6nd7.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-q4fl6nd7.googlevideo.com udp
N/A 127.0.0.1:51163 tcp
US 8.8.8.8:53 rr1---sn-q4fl6nd7.googlevideo.com udp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 8.8.8.8:53 198.140.194.173.in-addr.arpa udp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
N/A 127.0.0.1:51172 tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.201.110:443 google.com udp
US 8.8.8.8:53 clients2.google.com udp

Files

memory/4720-0-0x0000027E06B20000-0x0000027E06B30000-memory.dmp

memory/4720-16-0x0000027E07300000-0x0000027E07310000-memory.dmp

memory/4720-35-0x0000027E05CF0000-0x0000027E05CF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 dd5500b1e95a28c9ce6ba7f6cd5b0dbc
SHA1 53855b48a3afc4dd3d020a110082e03b93d58ae8
SHA256 f53509ce859bd4bb1f2d8ff9550845f70f3cdd44d4e9d0cd04ef54812c4cf255
SHA512 15415fbd19e46b293f27f60188934736f1d655a8c9a18895db3d81a78afe78581347aa29fde5ed8699b622b1098e079324a290b17a0c4a1c7bfd8d45088b3552

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f6d38556e96bdb48719f20d3648283c0
SHA1 669b2a387561e11322bfb9a3824671860512ab40
SHA256 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609
SHA512 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a19dd63029001bd4dc9159c66c68636f
SHA1 a3848eb31c412d8d111e3b1be734b27b9c65967a
SHA256 707128f00f1df2326fa155d2e0c2be5b5d6f3689048fea7b24168db57e8b17b5
SHA512 a3112e4af7cb0ad9304437b9705ca7598614041e61a83698604d2e7a60324440e8848405bbd7ba93b0668db4227b3e52541a47ef1593322512e0bb82031152ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0UWHYO4Y.cookie

MD5 182d66091764ac9d1a0204da0ad7f154
SHA1 2a0b387e6b2e86f225a928dcf8979b1c2c5566fc
SHA256 cc33fff2f87533a9fac24745aa7eb853d7d3d954f1a8e0b6132bf4693e497df3
SHA512 571d5baba3bc45c582feb181a62d3104d0624869cb29cb59674261c926506a15a86131393578e200426563a77488f9323ff3f2971885d34f983d4f45710a9eb6

memory/3060-120-0x0000025599940000-0x0000025599960000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CV9BQQ58.cookie

MD5 206f452c2fc9c29f8ae75614b9c1883c
SHA1 62ee1fc729d1da6b4ab7d2bd3a84e317454fbf6d
SHA256 66a1ac6e650e873a9b24d1d3134ecb75a0dfcacc357520115e8ff2898c0e217e
SHA512 26a0e79267f22b113afda524d729eb378bc27950bc5beda33cdee327a6350d43adc614dd1e46355c66e86478672d3185c0aaafcd52887141c5bafe642d4f535a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FHSTAQ7S.cookie

MD5 a525b01c912ad212186c799d3f1395d8
SHA1 dec2ff1655691932aa74869e439f4cc4d370b6ec
SHA256 f954b38c10ab4f8872313ddb917bb09f0bf42d0226a630dd00113820005ea3c2
SHA512 2e5e740850b0d3cfeb639d33d5ede062f1349ee42517c0860eb1e4872bfd71e6f774238db135031b074c37d4a7898622e909ee62010ab79a2a3c3317f6946cdc

memory/3060-131-0x00000255994C0000-0x00000255994E0000-memory.dmp

memory/4532-162-0x000002894A290000-0x000002894A2B0000-memory.dmp

memory/4532-187-0x000002895A9A0000-0x000002895A9A2000-memory.dmp

memory/4532-193-0x000002895ADD0000-0x000002895ADD2000-memory.dmp

memory/4532-202-0x000002895ADE0000-0x000002895ADE2000-memory.dmp

memory/4532-206-0x000002895B0E0000-0x000002895B0E2000-memory.dmp

memory/4532-208-0x000002895B900000-0x000002895B902000-memory.dmp

memory/4532-212-0x000002895BA60000-0x000002895BA62000-memory.dmp

memory/4532-216-0x000002895BA80000-0x000002895BA82000-memory.dmp

memory/4532-220-0x000002895BAA0000-0x000002895BAA2000-memory.dmp

memory/4532-225-0x000002895BAC0000-0x000002895BAC2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 c00c9e8c95ce29a412e9ac17b256102c
SHA1 8355ee1cd7db01a0385893fb736f530311db716b
SHA256 1d13932cb23cfb204032edc9ed7067af147450f3265f5046b8732dc485e7b57a
SHA512 d60a82361e36230dde7d99670bcd278c1921f71cfda549397106245979e4a52c2485a50c214904edf1b85e7bcbd30fdb1a74a7789cb0f6c12b7af9869ce1bd43

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

memory/4780-345-0x0000022BF7080000-0x0000022BF70A0000-memory.dmp

memory/4780-350-0x0000022BF7700000-0x0000022BF7800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/4720-453-0x0000027E0DF10000-0x0000027E0DF11000-memory.dmp

memory/4720-456-0x0000027E0DF20000-0x0000027E0DF21000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QSHUOPQL\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/4780-484-0x0000022CF7F80000-0x0000022CF7F82000-memory.dmp

memory/4532-488-0x000002895F920000-0x000002895F940000-memory.dmp

memory/4532-489-0x000002895F940000-0x000002895F960000-memory.dmp

memory/4780-492-0x0000022CF7FF0000-0x0000022CF7FF2000-memory.dmp

memory/4780-494-0x0000022CF8590000-0x0000022CF8592000-memory.dmp

memory/4780-496-0x0000022CF85A0000-0x0000022CF85A2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O5YLNBE6.cookie

MD5 c8dc0564a1ac95e6b1111e553b322ea6
SHA1 6f6cf4410c1892255016be2752567e7744699b8f
SHA256 1b84075695bdf09db15e349bce9964f832cedce501727489fa246be790a774f3
SHA512 3b068104355eecbe656bab09bf11f64fe474516325a914736bfe1fbc305ead584903c009c963e6000021ecd26a17a4925b02730e099738b029c3bec4ddcb6eab

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 246bad092d1e2e19d5c570e16ef97678
SHA1 a88f6b554c315bdb22ae33fa073774bfc3645fcc
SHA256 04f6b7e18061534d9e8b73d6f2f468ba337d61729307eaba24f659fe2cc57b35
SHA512 57d32112ded0fbe3789fc784084b005d9f1eb1438238d366a12b5716b971a566d2a5928f33ae451fd9342bd0581e36c746c455b20f1c2292372bd4ce95e638b9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XHZOBHNR\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\efrqlxh\imagestore.dat

MD5 2e32e4f706bd9ed8013b87955d9b3592
SHA1 dd631176f3c8a193ac1e0b47a843c47cdec524c7
SHA256 f25d57bd6f6e3761d03e185fb9f377906cb8a67cdd466b1dc08354d8c0eb1cae
SHA512 b989a3bcb4534a77d6706be6727d55dec05efee75ec52b1bdd2c0dce89424daf339d2099fb0370e04df4d9630387401f1f4a28bdaae6f052278361f781197237

memory/4532-654-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-655-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-658-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-659-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-660-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-661-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

memory/4532-662-0x0000028949AB0000-0x0000028949AC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\9S84R7HT\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B0IKMB9O\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 f9e94c7aaf0a706fda64dd4bbd122059
SHA1 d6b386df1d98fda7427e4de37508392be375ba27
SHA256 00822e7e870211e3dd9d35a895e866b077b46a87b38ad4beb1cbada17ad87e1b
SHA512 fd8a1107c371a52a1ae7a39b1a246babcf2dfa55c42d08e5f11a8202e1c6a510fe9a87c938c3813ccbe759a274868f062bdf7ad5e776dff23fa4cc0a0a83b87f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HQ9VIA8R.cookie

MD5 d420ad6e81a1f02784240313fe4b093f
SHA1 936abb1951f5ed68e8784df73a5e1cb204697247
SHA256 b3dfdc170104311c68343b52b78f83c9ba7102c2f968df64591230ae40ebcdac
SHA512 e8d8258b3b1d5c6b6e9f9b913df757781560f1a2a0464a6071179a5f2f220bf071fa10b4ea390e5db5588abe622997e371af5ef8466c19eb9550725e9287b9b4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5VG3AROJ\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZV1EDM5P\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZV1EDM5P\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a
