Malware Analysis Report

2024-11-16 15:53

Sample ID 240212-frwshaef46
Target d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c
SHA256 d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c
Tags
google phishing
score
10/10

Analysis Overview

Threat Level: Known bad

The file d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies registry class

Suspicious behavior: MapViewOfSection

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:06

Signatures

AutoIT Executable


Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:06

Reported

2024-02-12 05:12

Platform

win7-20231129-en

Max time kernel

77s

Max time network

278s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2944 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2996 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1992 wrote to memory of 2488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3044 wrote to memory of 788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3004 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2944 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 488 wrote to memory of 580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1244 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe

"C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6569758,0x7fef6569768,0x7fef6569778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6569758,0x7fef6569768,0x7fef6569778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6569758,0x7fef6569768,0x7fef6569778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.0.943043854\736859328" -parentBuildID 20221007134813 -prefsHandle 1168 -prefMapHandle 1100 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b298a7e-e1f8-4699-8975-9944fd6f1527} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 1244 4206158 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1268,i,11248136182931156429,12978597720036957911,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1308,i,11890911701535454954,11240383919158799980,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.1.1488213085\966310404" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {114d0d61-106e-4d47-bd90-b0c891e74674} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 1476 f3ec758 socket

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2080 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2072 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1308,i,11890911701535454954,11240383919158799980,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2908 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2788 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1268,i,11248136182931156429,12978597720036957911,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.2.1654260274\1401952002" -childID 1 -isForBrowser -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {500cfe80-9f86-47cb-a218-2dd2220fcc31} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2424 10f5e958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.3.806784989\2060404593" -childID 2 -isForBrowser -prefsHandle 2552 -prefMapHandle 1492 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f138bc25-b4e8-409c-a544-4942cc619122} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2524 e61258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3308 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2668 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.6.1961167220\1235158597" -childID 5 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b08a4bc-4efd-4e89-a9d3-825fd6b5a3dd} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4072 1fc22258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.5.1414710427\905474110" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96fe24f-3e66-4def-a1b2-89fded30ff8f} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3908 1fc20d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.4.136899605\560724829" -childID 3 -isForBrowser -prefsHandle 3800 -prefMapHandle 3680 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18cd977e-e8e7-4d50-a734-e36af54ce29b} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3812 1fc1f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.7.2033570928\1050903157" -childID 6 -isForBrowser -prefsHandle 4112 -prefMapHandle 3964 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {677825fc-03dd-4722-b87d-fd169c8b3065} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3920 1ff25258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3868 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.8.1815802363\1626147441" -childID 7 -isForBrowser -prefsHandle 4536 -prefMapHandle 4496 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baacc1e4-e5d2-4402-9d2d-e1f4ea14ada8} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4544 22062258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.9.2082508004\1311302596" -childID 8 -isForBrowser -prefsHandle 4568 -prefMapHandle 4560 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43500435-5238-4459-8b01-bad18a12848e} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4576 22060458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.10.501903417\1010835416" -parentBuildID 20221007134813 -prefsHandle 1008 -prefMapHandle 2412 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8433c559-711a-497b-acc2-bd5abcc166e7} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 1016 f3ed958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.11.222511612\1761225628" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4676 -prefMapHandle 4664 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc48903b-56e0-43c2-bfad-9c8c34e07f7e} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4496 17711d58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.12.1750177942\1183690425" -childID 9 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e95c3f-dd00-4017-901f-c5e4b347d550} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 5100 1e585858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1372,i,8210991719129780780,3878610130483441378,131072 /prefetch:8

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54e6cb451d6279aaea5fcc1a63c0c938
SHA1 39464842b384f7d9c19a57c9ee441d1821955395
SHA256 577e72b7b929c09153e06751618f9f39bc2ab114e404ec9c53f435a38375eb03
SHA512 d86aa7e037fd965461a48cf43790a3a36f35c5a2c936b6c9134d650762790c2ac281f3b623f9baf280e9190cd6b856b5ccd5468ee9c5f1eaa038a77af8ac5f6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f802c22c8948ecc17a51d6808f4b56db
SHA1 e81b131d54d528a6470236899f478e99bb6eb5f8
SHA256 22bbc80d369a7a2bd344a8313581d6fc680d3105310634bde743f947284d8fae
SHA512 8fb652885113a54a39506fe86131b59f640e72e787bd8e364b2cbb4f15036abefc46d8bd77cbac368155274309a17f87e83ad6a3562b3ef703ac6cfc86047361

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0c37bd4bb7673eb9df977eaa0da8e6e
SHA1 ba85f23f0da413d559ec3abef8847c18dddb384a
SHA256 9701373936ae5f60b0dc5f533ef2347ea367758a4ef3158c2a921dafd0ecfaa5
SHA512 3ad3891ad13c3c9bc1833d2066b4af9c11bce506af327f15baf7a489d5a81cf5ebb5633d8d209c1cdd57f1171e364e09d57ad00a17f5fa2a8e2efc0b80459fd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a13f17a13955c1f62ac50369428552c8
SHA1 b4212fecbbbac02c6f4b9073ac8f4854df77f2f8
SHA256 676ccd3169be129d987021d4064d2eef900b12e4a7bdd7e6a842c0ca296473e5
SHA512 ccf0e009c9676697d9ad2a037cedfc8bb0f0ecec0427504cd805c4e21ae6534ec7544d6d89ab81634a38f1be385e028c550ddb2f40cc2151712ef3bdb2589ef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76d83e9081d8b467991bac12115b7ac1
SHA1 9c988b79869db5eff4ba129124909480d4833459
SHA256 4f33a34a8d83352db02573f2f50a64522e9fe8de040ddd1dad5e3f95960f6d26
SHA512 30df6b27082253b9ea66908eeae6542c2597bc0519b99a18f250e46b5fb20aaec6c17044f8e7335a7d09453d0f69868ecd1d6ee720d30b5e82584efc3bb773fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00912f30c33ad6dc461129f2456d12ab
SHA1 24053de51b5c41835c673920726b8b0a6b75f3b2
SHA256 55345c971e66da307b3da623b359f110599aa3b84451170dc324745090727161
SHA512 8d8a00d2f9d8705fb7e6e13f473b68f26175c60ec79dcaa615b4cc3ea491ea4bb56de93765055c10028f8c592d89f8839ebf0ea99340fd09323965c6b4369885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15e115d6f2b4c434b5f813ceff3782e3
SHA1 84932538ba5f3ab8c5d91d40ebdf47d0f16ac649
SHA256 7ee5040e69ca6717bbb5e0066a42f5568b301db4544aa15b4f241151b5bdfc30
SHA512 5b14baba6dfec50a7b0dbb55b33c60f591bc9fd65e57a7fd0dec175f3588eae33b2c0a5c3e65333fdbe2ca3ac496bf7e973c98462b93fa3b3b5f63aa93522c54

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2944-1022-0x0000000000310000-0x0000000000311000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fd594fb3d522c7a9f8c0fb3a5681ce2d
SHA1 49754d03b252e227e501037d3aafc0833dc55b2c
SHA256 606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3
SHA512 8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2960_NYZTPMDEOGNBRWEX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8b320c91c257655daa412d7e8a12ce07
SHA1 58337bf1b6361c90efc115bd09fb4cbca4cff7b0
SHA256 cb28c877ffe76d760357d6f7b4cbdac28574899012c51d4cfaf1d05c5e63766b
SHA512 3f95e63dd47a68a9f361639e0c30f522b75a70257d350e59474c37e285e3f65615b3cc70c8e62cefcc4c7874bfcb0c6938e6eccd0d3d51b801726eb962c6b73d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c9ee585885f679450d5f72f6aa513883
SHA1 c92a96a08a532ef320ce96930c7b575dda85b22a
SHA256 a3a3648e31f00853103e3444e190c8e201dd5bf9dcad0e8f22a846b1050f068f
SHA512 0b11a6da01ca28b385e264510bcc58c120508c6e9a46e87015f448abcedc7d478feed5c505fb330fd9820427dcf49955c9c64d7c51f4a283d8b4805ac43cd5b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 d0dfece2f05f9587032b1489feed38cf
SHA1 2612a6dc32dc6c5de65b0396e59195f075bdf242
SHA256 531ceee640b8739c26c19a011387e20edf03a9049dd448c958fedc086157b881
SHA512 001a2669425d1bcf4d4d60a3f3366d46129a102f1ae97f01c7949aae0f7b59b03768007ddca9a79f260bdfb57259d276707a4ef5005013be944129dc8cd3eef2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\be930d11-e30c-46df-a648-0b5cead30a37

MD5 1ac30b8a6e280af40e5642c9fab3c9b0
SHA1 8b01493f39241e3dba9a56712d69edcb34f522d9
SHA256 45a012cc205d56c0dca12dd2531c11f954939499373802171c302db59c2391ba
SHA512 c2457d352ca81c96c528fd6d3978b5a12fc07b7f5b6c513e3fed200f153f7625c31416ffed9db390a6ece4a3f6737bff86220363bdce48485337ccfdbac9d01a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\accb74a6-34fc-4d8d-9f26-9fa68acca253

MD5 80f51f98d379782fb0e583ec5a7e0345
SHA1 880486a06d18f7f657ee36e6b8535bc139e33c96
SHA256 4e9f6ebf09d68877cbfcbb56e3fcc4a255c8d1d6539ae6f0334afc3e95dac5bb
SHA512 cbf97e33c33aaab5a275382d46b8539e59bddf41a714ccc6374b4ae91e6f713731c1062ac06d97d3204980381035af8262bdf128c94b57955debc617284d8a8b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

MD5 a3034ad0fb16b105055f21c070959436
SHA1 88d3522f25edd8783accea3497336721ba6c2a66
SHA256 0a7635e7c107eeac4c7c703d983e45af9378caa6e174417be17680196b0da4b6
SHA512 562ee4e6dcf7cb9c848e8a88fa88af4330a868e12a3ccf4f9214b820970d6e21857328b462ffd8a4e20fa67341af1d2c671cbf26164391fe19537b3c6d7920a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 ce017f9a462b214598474f8583cf29c5
SHA1 742eabb5bbfe766fbb7870d7ad7b6f60f3e4606f
SHA256 646fad4660b59c9b795de2479ca4aded2aac71b9fd2c35913789ce4a7a161d39
SHA512 62e21de8acd0e7cfcd7ad685bf83e25e801ad3ecb62ec534aae7c17dd954971eb4a9c4224ba0da1f5a5df6279702778bcedd7bedba1affdb30c4fc4ed906da61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 92c86bdc0843f2bc8d8744d28536a162
SHA1 fc41b66bd5fc0a3dff8f8adaf77ee09b0696d152
SHA256 fd0a8563e94f9cc773d2526f2624f0eda4da1533bacef91938e683f3169f629e
SHA512 53e998a5d8e923e5e63ae1a8805619cb4e7027c8b24ba0b987973f6ad62f42210b959bed44ef935ef5454a75ee64caa32bf033509ddaca0d440fabbbdff096d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 81e09c972b3b085ffc3005d351b9f9b9
SHA1 7ba4211d6beb6396a4bb68c702ee1a0ae81af68f
SHA256 7e65525060ff33f70737d0fc763328801dc60ae1830055626217347b713573a7
SHA512 ac13844477a3d7e1dd926869d3295f6fa5cac58a46b286df8418e70632423a5fc781acf7d4d5ad93d2963762b5e71f1d2e555474669f6c61fa9fddf1d14287f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 752a13acc261ed17264558c0d30e6a5d
SHA1 b0ba5b03329ad9c200dfbabdaf7c280fb961e449
SHA256 8913b4803aaf50c98620901523ae2a109717f6cc2c01f18fa6a536d90f4fefe8
SHA512 4c5ac53acd65461cf147bdaf16a0604f9cb7adb0172f2b6f6b095a26e820ea11542cc951576cb05e798e830bb91be1791ed660a1043cb2496105bd54686f20ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 f0e0b973538324877d560893ecee6341
SHA1 d8ec2616645373ffa843b836e79eebc1fc0f5926
SHA256 60d2a542eb9d07ab71d11fde6604d9ee43b02c60a1eceffda9f3ab359cea3b6a
SHA512 881a78b1e286e21690a9fa4f6c776620ebe0325cf1f512213e2505bbb343c201e3c569ce03f2e626f40133ba8e5d8e218d41faa007078745788f9590d24f8e32

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 f7f4c88dac71f80e015ae5ec30f70df6
SHA1 be9ea5c2eea7de386efc1c32143e12c014c209d1
SHA256 1bbd504e27c8f52250630490bd1e02f6170db114e0fccf4babde8965c0a0954e
SHA512 a85b3aca286bbd6851c2aa6e2a88c4eb6a71f48bdb361873f681cdaabbca5571dde33fc4f5a5b377d9cb90bde437611f67d78da4e94599ad4b51d537c22399f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 5420d87661bac0cf62acd7d72956e05c
SHA1 0375b6ec4628a0fddb95521f64c7b62ee54fd90e
SHA256 e119b54d8657989bec05166328983d0ec3b323150e99a1ce2a854054fed654d8
SHA512 9f2e0a5294197b82605e923413b14e821282b1d04f29908307d8cb46cd5fc09091dd01d68cb1719e3e97ee04f70c246356084849d502d1243dd919d7af13109d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7682c7.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2a1975840c0d94925b058407c562577f
SHA1 a4a6469d6e457e58e74ed7ee531b595e98d7f7f1
SHA256 285c7023bc9904e1cd6407bfcabc988e9b8efbec2b704319abc522f40e4f3c69
SHA512 0ad0ebdc189c1d1dcc6ea832a2c0a0cfbe3b90aff4a7fd391154457e591bc29d1047a1ef279f8ad99586a60383400c3fc0f2b42de112384dd42b1ac8ecf81b31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2960_998476570\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 064a3966f61376baa5435059dd8a29fc
SHA1 44864877c30dab5f056af64f81078b9df2d176c4
SHA256 806cf2c9733f3e5828c4e7b683aa7e44c99ce9a742d436303980ff29f17fe0a3
SHA512 b3866110f3f5f0a2d131109ecc46ca1e88e6079e03b0aa02402ebc4de190e58444753801dab7b7bfb2dbf3bed02925bd57cbafd2cd97c09b297f867de2742a1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\19\{d2d6249a-51c3-4f7f-a27b-94d47bec4a13}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\idb\4124805860yCt7-%iCt7-%r6easep8o.sqlite

MD5 7dd8d548e40934721409605db3f78110
SHA1 bd9016ec3b6243251b8b619d102be9faa0da7559
SHA256 a27cc6b7a0c85e08da6eb08b518cabe28c0e9862214cab21f975d775104242d5
SHA512 d888f1aa4c3257748914c3fc56acde608dce8273a35dd83295b1a38c39c039a18e887e76438c9e0e3ee9ecb3ffbef2d68fc9908becc80a66cb84d1552e67b706

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5d250bff75dde7c3e31c2b07891f9551
SHA1 4fd8885a4e286093074070d98200348890c6b538
SHA256 a42815e00df3ddc01e9f81a7401fd6d10eea409f609fdfd18816162b9012e836
SHA512 dd3d54bc2b8657612dfa28fad3225e5290e6a955b8aa9e46a8009f052f51190c6991da8d1138d2e0415fc092b712eeb502c1b36ab5db1ec6f06fea5b84c47739

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\191\{07fdcfe1-f215-4aa4-bdd6-45c488de70bf}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 4c2ecc1c1a13d4dc120f8cd5e6af4277
SHA1 ff5a8b6b35a3fd34291ebf46d4089334383c1c94
SHA256 78f828fffc24aba989790610e21d364160f07994a23f0eb1db0f029c278f64bd
SHA512 ec532e0988e962bfde104b15c2128be1b1790f53508ccbb1c82f89e079b8c1c930a3141e2ad12e9feb675b1a604f9dd1cb5bad8fc96f281d9e707f730e075441

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2660b9a088cd910eb29299c87351736e
SHA1 6b140ac8fda1ea7fa6af21fdf06cd4c956de1a3c
SHA256 285ebeb798d9e0cb4b0b46894b51bc165dd9e5de716029ffbb22d124a5b15ecc
SHA512 4844464c37f6c81ea807d1a8ef68cc8cbba309cb01df310d953665defeb485de6dff8f9be0b787c24e359e486ab03e3d388fb0bdc3204b2511b7ec866ed5a28e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3a9d813ae123faed95aa05bff1a0a65
SHA1 963f31c4d106cd7bf019778440f734bac3b5f21d
SHA256 01f51490c97a62c7e7749839995fec9b3278ea0c5556242e5449e111560acf1d
SHA512 79e43a0984c30096b9234891b23876b9ed15b5299b96742383b8431e52510364feac13ffcaadcf3abc5a4cad3b75c015daaa3f86e1de268bb58e4ad5e05c4ed5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fcbb5ba403e5b924a14b36dfd8f7c66
SHA1 b801b5dc907f072ca4a79f5b14b9531c3e293bfe
SHA256 32b6283e88d3b2c17a6f178c38fb91ce75a2fdc271daa24da0efcbafbc932d1a
SHA512 f269d9ca3b7fa3a089772871015cd4c5b0f457d0e975a5470881e0051bf28e41ac0e82db5ffb43800b0b4cd9f472ef69c24173c5628cbb8e30c984b32854679a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08031a6799498d44328d52497f229340
SHA1 ab0c2147936908f1fba30a28d6f4312a64b5ce7a
SHA256 cab3a21beadb59d54fb2284f8de696cf77074c60f9278c037f692bcd4d238436
SHA512 8bc0e6877dd8668e8077b5d6e7d864dabfe7a5ca763c58e2d4a353343a15e53e801a208736af5fd518ac54399dd55193413d64e736dea16238a847ae2ce9b7ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cba7360f859bf3f3d811cedd4822809b
SHA1 654aea5a81569d82445980cc61c974f01fb63851
SHA256 5e6abc2a0b2fed2f9b25ad8c38fd36a11b64b98254fae829204fe624d2a4ae99
SHA512 0c459763f9655532bde2f5f8eac27ebe29a0d9a44908ab3600dd77f623a00fa11b419f2e977b2b659b2bdf1a456898048f9d9bc8bc60a75b79939bdeb40b1dde

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 2b31d81533d618ceee0b41608ce54743
SHA1 63ed10b0a118c2f473535502549f9983d0dbaf1f
SHA256 f74fc620d840ecabde7d08b84700929fe9189938d3a6ea82b46ecea8858e7be2
SHA512 cd378cf92f171439f83cfbf1d4571de7b770241cbb2e1fdfe73185a1c3549dede5d661fd0d757e3834849931afd99ae860438fadeb3eb2daf7c1765f89e54b36

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fafdf4de-0b00-4765-9d45-f6383101b4eb.tmp

MD5 5dba55ad63e47c9f3f6f2d9076daac60
SHA1 fe86083bd96ce7e1709d41ea464c504c39b31835
SHA256 99c987d2a40f352ce7e80d58f484cf3e639036496ee0532f4c387f5e182604ab
SHA512 4375d0b3553e84da7c5574241906203e7997f603ed8260cf54afb6743ad1eca4e2eb8bd119635c5396f7b07af9d0193442a96ece2cb3c31509f03551cc064dd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25df04a5e72c7f568a1db5ee1a4c636c
SHA1 9f7de9f705cd60238918b8173cb41adcabc461eb
SHA256 38a148ba5a80cacbb1fa34d1bdf82816bd4f6b2e872cca4407620fe8d835d463
SHA512 ecba2fe5e7b678f106f5e32515daa7ee894aa09c7da9a369db08a2bd7b694feb7de4e98bb8d8ae5da7eac3e49d2c9e2298ff2e0dcb409835d08722074cdb4788

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 73b51b7832676b6921ca248575c64eb7
SHA1 f2e1b8d4c67e58438a53c02f453b84f6cd97c9e8
SHA256 30dca7b51709dd0736fbf08184a0b5b71d345ea7d3b01ccd932fbd0384e487a9
SHA512 fade27fd03b6d9f231215e43d6d24be7d73b42f176b0ad92c09faac03497ea5c909bbe905a49b2fee9c7378895e0b4129f382390c0c36f9e593833eaa2ef5aee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 61d6b8c8cfe04bf8a9caca12f56313aa
SHA1 4a0a89882b0dfd4abc0b93865d05204e453c7c9a
SHA256 e1d366e657700c8524c7dbeab53e5ff8bc76efbe2fc1bbacec25a10df512f6b3
SHA512 6dd9f1700bba1632e74f49b924805eda344f811ee289b83d31677efa4a0c2739c152da6569177d7168eb84e7438de21f66f89209b316c8387dc9691ef7d1c74b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a6374e86b47d060127f5212350efda42
SHA1 06b507aafb1bbea0778906d4bc0946a9178f4b13
SHA256 96e2982ee3bc03800dcfb98d063a958d2f2c83cd909b786f453332152f24212e
SHA512 3edc07847b89589c3ec8c029ca51e6bed6ea03b496070372bdff15c19b9d767f636642cb4965cfe80e50b7e9c3c933d639fec50a0435e62e632bb06a5c50cea2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80db93b9dd2c637f8aa97e8f7979b391
SHA1 2ae491a06280a338d1a2baba8ebf52dc03cbaadb
SHA256 5814ad21a22ade651c3aabacd55494b90e8128002c7b35990fd5888bc9e2f6d9
SHA512 860be661530002a16e37cbf0f8916dfe69689fd470c88163b3d68b6e8ebfddf7f149b375857579d84a7c72dcae1d47e99188cde7077941c4b9f8e116de1abeec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc06f0fcc0d082c01399481110c7ba35
SHA1 cb9c67a8aa3d2129ce0fdca204500268b4cd97fe
SHA256 d04c861aca3f4a88eaf8d7bba7e1cb55c31ce61a449eae636befc78c573699ca
SHA512 0f11b063da760b6a5fc8c542ea003613e02fcbfb52b82b78ac32ea6021f92cd9c0c911698871b697dbb815faeacd5462fe5a78149caa6dd6622c8520125a432b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e83ce68a36cc220e3218b7057eec8d3e
SHA1 62a5b90b0d6607496a15bc2750693c1a5fd9f846
SHA256 f37f9a31c26cd09c7864df92831925132ba5b5fba9481a4e3a16eddeaa4200b0
SHA512 bca5895c22d90456886691aaaf547f2ea1c96b3e7c947f4b50a2e66135cc79076434171bab49e27a0786209426cd1ab0845cd44792fadcd48df461744c00f472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a6386c27ef76aeec652a4aa4151ce607
SHA1 95a5028d6a9d7d978add90cba9c74bb2ddbcc0d8
SHA256 6a381e1423acd123839b7680744606475a8b3c441d4bf32db566c4005f0826e7
SHA512 51eab47a969b6435c962372556d25b4e400dae1606202cb0a883f36725a7ac2e8c5ac432869fcea8f7dfdd2aed5ed68b7b1176daaeb4daa49bd5a1587b43f290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 55afd659bb86ef88446c49821f4f138a
SHA1 c40638c4c0f60c26e7c71501eeb873401edcfe00
SHA256 fa3f67f5f568c2604e43ae91f4b788ec806df91333dbfe8995f2244b6ab84716
SHA512 8c42d9b1dad871e4745708b900183f0b7d3bb1dd108007facc881de3f683fcb8fea6a1b22df2c249b7f7bb14f2d72fa80404fae4a4efe2624ccc236e921a4481

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ed8d4b6b0b8203d4d94803e9f67eedb0
SHA1 113269fe8c5415deb52ed63d240bff7904be2d8f
SHA256 7a071d5d6fc7885e2ee2a364cd444cb9d0bc32676ba8ec796f2a1afb60a42b1c
SHA512 b76ad63d77ced2905ccb83e8c33a1edc469edf5518bd86d2894b210b35489ccef9bf0308134bf18c92cb7c1e1f3f9af448b193308fd671b01778ce42c4016c10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c8493eb66b101dcf54865119ccd5bce4
SHA1 3d1bd3e81006e77eee587a564fffd9405a0e80e1
SHA256 5ae03feb9838cceba23a79c3cbdb870a88d43c691a6942ece39b1c41f4619e85
SHA512 4e12a40587cdfee4d8351e625f05eca951d4705fab70794d007d602a1593523dd5e48d0c87972cf2aec02f106b1dd3cbbfab30edd2d03528c3e08bae0101aea6

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:06

Reported

2024-02-12 05:12

Platform

win10-20231220-en

Max time kernel

299s

Max time network

287s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521882331989971" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e012db54715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{2BA12814-3378-459B-9F24-27799AD07288} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 79eae26b715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 9744e15d715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = a0c0a3b9a35dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2bedb454715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "414516575" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2956 wrote to memory of 688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2956 wrote to memory of 1752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2956 wrote to memory of 4380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2956 wrote to memory of 5260 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 316 wrote to memory of 5556 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 316 wrote to memory of 5576 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5556 wrote to memory of 412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 316 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5576 wrote to memory of 4392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2332 wrote to memory of 2288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 316 wrote to memory of 5560 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5560 wrote to memory of 5652 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 316 wrote to memory of 5700 N/A C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5700 wrote to memory of 5732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe

"C:\Users\Admin\AppData\Local\Temp\d9e65cf3382676af2d06a842ab9a1e5459c9ef96f4818a935d44ec26fdf5f39c.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffc71119758,0x7ffc71119768,0x7ffc71119778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc71119758,0x7ffc71119768,0x7ffc71119778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc71119758,0x7ffc71119768,0x7ffc71119778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.0.164408319\1046945924" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fab18cb9-47ce-45dc-b75f-42392190a62d} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 1776 221fb6d5858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.1.1713469144\1741449181" -parentBuildID 20221007134813 -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de8fc60-d3eb-4191-a2d6-f5691166e496} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2160 221fb5fa758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.2.1163602959\333456579" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7941b995-196d-4b65-9143-ff66e1028170} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 2888 221ff7cf558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.3.1157015832\2076627466" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb16316d-a090-4713-9c38-7f1d16deca05} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 3616 22200765058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1848,i,3654282693493713064,15052694292428287365,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3684 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1848,i,3654282693493713064,15052694292428287365,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1864,i,17689712007963245795,12553304791062515201,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1864,i,17689712007963245795,12553304791062515201,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4720 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4920 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.4.1808246746\1282031874" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4592 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09d601e-046a-4b1b-abba-03105ab98e32} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 4632 22201d44c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.6.1119514157\1768734274" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4824406-99b0-457b-a54c-e06c1ad18b05} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 4812 22202089558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.5.959623781\926843023" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4844 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a0e6951-4622-4255-80ca-2f62fbe2a210} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 4828 22202088958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3552 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.8.681889170\517023223" -childID 7 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2eb739-d683-411e-a618-f47c378820d8} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 5412 222026b7f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.7.670149008\2135095637" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5048 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcb259d7-0f14-46c5-8585-4fdfc7dfab47} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 5092 22202123858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.9.385405016\619571489" -parentBuildID 20221007134813 -prefsHandle 5852 -prefMapHandle 5864 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {741df5bc-94a9-4e5c-9265-e040485a9c22} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 5880 221ff77a958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.10.326308506\304421910" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5896 -prefMapHandle 5908 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {013d94fb-258a-4172-ba6c-a393d9694318} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 6004 221ff7cd458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5652.11.2102983415\183316162" -childID 8 -isForBrowser -prefsHandle 6316 -prefMapHandle 6308 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c566ebb1-5b50-43ea-9a66-7f507b679817} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" 6320 221fb93d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5728 --field-trial-handle=1856,i,14922219899409634656,6735631991833637509,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA1 fc098151af6d485ded2050d62904f6b534176102
SHA256 ecf7db7b395b4ccc84e1e900d197f2be7565f118e5780df94cf14d9386c402e6
SHA512 3c6e76178cdab88938e51fac168f295655fb1c055b58163eade45861acf9eb43a1c7884a1c4d320eb7d4a70eee5a2ec965fecee09b10fcc8a13d18500d02a4e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\jwbl0en\imagestore.dat

MD5 1ba179153b7fd90b3674980ac5822230
SHA1 6bbe530c559dea840ef60f708652602b3be00846
SHA256 cfdfcc40b0a529bcc94e74b4682702c14778ae28ffa93237b5ca861b389b602a
SHA512 26cc6a0e2f9a6675cb29852b280bef54e48096d18d8e62f6102278af83cfde90c76cbe3638fc30463d0d772c3180a60c0321180b4284780bfcc73ba62c023787

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FTEXSHIO\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MO7AE438\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A5X3QWK5.cookie

MD5 9b1ed74939ab4afc76bd7c6d57bf1eac
SHA1 3aa349ed70239273e4dac307198fda233421f987
SHA256 fcd0a94374e041b524d4b64196e9efb3ca89bf7329f32522ca7d8eb1b26bcff8
SHA512 dc224cd8345204ce22e9af4ae9790d068ebc7851aadaffc43eb1d1145e85a12e0af1370e031ce39e6b2b680358f40c72b998aea7fea3e14db7b124cadb3b717f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5CHAPQ9M\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5CHAPQ9M\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ANVN19N4\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S588HN8X\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S588HN8X\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S588HN8X\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHC406DD\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S588HN8X\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5CHAPQ9M\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5CHAPQ9M\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ANVN19N4\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ANVN19N4\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHC406DD\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHC406DD\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AJMJWHMC.cookie

MD5 56b24fbac941780a45a1d11778950bc3
SHA1 8b76aeabc557418f34e6b8f97427de0b38cb7f1a
SHA256 ec39d011e4bafa1422f04a69fa2f282be1090a988e78ab61d569de49a80d8ab3
SHA512 abb0d67b4fba7fd15574baac936375714bd94702e843a8d4a61b2592310874ed5c1cbb406b304c507a23eea8ba69840c392e8d804f2aea369cd4e9c397ee06a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8a018f5df0c818f74ddca85878733868
SHA1 c449236141dfcb55f3b4033c79732710bd97298c
SHA256 e4b33f9fec52af9c7a5eff6489916f3df2956ba5d51612e67230f003e311bfb3
SHA512 ccd48e49f880257b1efdc5ba582b57205e0d747eeaafd70f4618435a0fc1c754e7ca3f58b0b3da35a12ef8ce0448135612f4e0ced3e6bb315ea5ae6d6824fb37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\eb5f13d9-7fe9-4388-b14f-d6f52d8fd557

MD5 c4b647f92dfbcb3db7b012ec825f60b0
SHA1 433bdf8ff69de0d1198cf6a163197382d9286631
SHA256 912fb2ae0eb064edea363dda7f70c4495e0be69dd91fc8aed27e8c21c725e993
SHA512 cf515a8d849a7b4a4d3de67a91c898b2cd66fa017d5c7c80b50e711038eb4c5bcc6ce219a6e4a78c7965c512dd19d840b48b73814eb510340906ac1d9a397a9b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\815a35fe-4c05-4b6f-8521-7cbdb1b2d3f1

MD5 ae6e1ee10f5d3d1d5916bbda9996078a
SHA1 8bf7550b384676cef40bf2ed842fc07b0cfd2606
SHA256 a6aa44b9c8658bbbfae7e55a76997d1813c8402bd7364e82e67fdac866c6a1fe
SHA512 e4f7de4d31284868423d59d422a3dd4319fbbc6e764e2a2061abcda3639635b0cc4b6ffd4d9d42eb5b8c752b69f7faa78d5c0072b7485fb52e351b65c1827ec2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

MD5 fd08296aa62277189efa9fc039d6376f
SHA1 5cc8954819a1a9cc3152f86d58af154d2bfaa2e8
SHA256 ea333680e730cc462bff72b941acd506a4c3722b7a4fea606442e88b421f3c09
SHA512 fa041f2839e617a0443a8e2f902b068726025e05b818ff8a0cac6f60ca2c3ea885650df077466a70129d3b91bc700800fb9151f21664922a06af09083b0a6fb0

\??\pipe\crashpad_5556_XNXCUHCXJCPIUFJG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dd83665da418cf5636c5d467f97fb066
SHA1 f431126b98c309609c8c7f3ca362f1ef40832aae
SHA256 c31ca05e85c1289f5008a03fc50ba2c66ef65af16090d96a83d81650b6535238
SHA512 e858ae2ea17052c5842471319d341f44f548ab1b1b5c62d0a854586de87fd818f5c94ec0dc84e5b20dd45d5f2a9d6ed7907eba6bdadfd8c4dbba0a23189a29a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ce9a20eddd042c4ab6a86270fe6ad3a3
SHA1 fad2fbae632d1709b6309e6040e1068a36ec86a9
SHA256 5e030ab6903209fd97a76e8a423618bdeffafec0cd3bf67a65d782ff52a4acf6
SHA512 b73578bd6fac36a9c871b4f0245fbd71d86625f14a04e76b57ca465ec1ce064fcf21e3add52c367de3f5613e6214488566154b6f30b7bd413173d46b63c4c492

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

MD5 36e84c39b4071a07180c7ae5ba15e9d3
SHA1 bbe3b0a295018404fe95563d4e28a1019115b736
SHA256 0d7b085fb671c918f9ee122a2155448da625b61a58b4cb3b40c6287b5ef6fe0c
SHA512 7275395fbfab0bc74591622b8654cb8b4eb98d93fc50b572a3d5fd9039c4aa27f9d5d540cf18a2c188829a7c8484748e5dc84a2cd8ba0cae4d917c9ce8c9e057

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 898e6ef32c15794796a778c26b4506b1
SHA1 eb3cc3cfbb7b6a66d4a87f576ce64a818f1ae210
SHA256 f5d66f84e75f2c35a54365d8bc724f4d8fe325acb6d9dae0a56f9cf913500cdf
SHA512 5d8980bc75138093d097413957de0fae8e48869da218e63640555a0ad23d6ac9b664cad2c65a53100549c05a36431af305940e90b1163007b065350ec8ff9bf3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 74f9911fdf77864a46189ecd891180bb
SHA1 cb47372180bf84c97de00169e633a9f7072a2aed
SHA256 a17fc964b5216541d3749e86d148d9a2d52785813c8844196f64308df9e3f70c
SHA512 5ccf8d7b1eaf383ebd965266488a03d8aa4ea710385783c71154253bc0dd8c2aa234d0b97d4042a3158ece6602d8a8e9100f4553d8fd9d62f237da5d1d474c2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 5658f99a8c4f7739e94396c22584effa
SHA1 037407ebd79a5f969e196ee5b5aa662b6d360f9c
SHA256 5fd338c9809d9dcfc0c7c696c963714c959a852661011d279d08e83d0673e1df
SHA512 5aaaa5510e4e7c90d4c07421dc5ddf648cd3f7e214fcdb42013aec34c1041ca397be52a021477be9ad209e87100552a45c776a635391d4eebe6aa70d6e01918f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 c5075f7d13a776145eb5f392739322c8
SHA1 985eb9bd94e03a677bdebd8d26c31cdd0575efdc
SHA256 bdbc84319c47940e7343bbee7eed5d4bd970a076efce4b9960876fedfab31b8c
SHA512 8e1d34f4255f16d2411870ef3d90b1d0ec54bd475264addc264fd0b929c0cc0af560c373f83abecf8b6b14026c15ea3d3974a0a31ce372ec185469b21ee91820

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d906146e27efdec141d99e64070b75a8
SHA1 470ba8878b1421ebae0107c8f6319db9afa8d9d9
SHA256 27ea668a7311fab0111a8a0de00a2c7f7a98c5a738612a28c06bcebe75bc779c
SHA512 8b1f0990455c89fba77074b8fba7f7ccbdd90c6836489f3ccd1b4b96a91c77b648aaa5b54cc88f29ef49222cd0efe4cd75a42cff20d173f270e07e5e2c0da0a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 24da7d2f1cbebbc380cfc9540b5c5e56
SHA1 50fa02115e74595b6322111399c17b8d278efded
SHA256 2095bd2ceb293b4b74b3c0f706ad3a0c0bf39e8c2f811fb76583950868a937a2
SHA512 618a6beef03ea44c6e4dc414cd8a169a1a1fbafe1e3ba1c5e60540ab105671bafc5a75a7bb8c772ef1f0d5413d50b3330b8228d1a9bbfaa2a837f144027164ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5556_1034519293\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b42ca0ef3f1dfbbaeb3065124f43777a
SHA1 72e291b2dd257b3b054e766a27ef7dc0a99b8783
SHA256 c44615295a82bc5265670bbb227cac357f515871325e8a04f40c626ffc04c26f
SHA512 17da8005e42fd9b687c3922791e8c5488adc5ecabf802f73dc7b2fa9269777ca941bcac3aaca2b11b9f8b0bc7fa192a7f4a46914c8d96f9cb760f143343634c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57f4c0.TMP

MD5 e25769de3d97f85649e011a943fcc962
SHA1 d46743289382c9c1f1434578e9afc99d4b63be4b
SHA256 80cf8a27c8ea7c402acf767bb9c74fa22ecd1538e67cfcfaa9fea1c9ccd3296c
SHA512 acefb44e02cb3008df840b19f815f3bec46c66c7b48b46ac1a8126b8790f045e8bfd674e9a855317b9cde307122b732f21cbe40e1c603546c823d2b62764d8c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6ff9db13290e6e0633260ec6e412e605
SHA1 61e6adc0b5435577694371659582c3756a4933b5
SHA256 9f7edb9d537072a42af53d8d97658dd2d7746a3ebf00b7505e1174688ff68847
SHA512 621a687d0224324970888dceacb4c4509f88a08fb3760c203c7465b35fab044033e86636ae7bc11cf43012ccd84b3dee6465b3424506bf6b486505b50f037513

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4abc134af2da785135ee830359bda1c0
SHA1 5899e095a448039d65f6077fd988eb4f2a91e49f
SHA256 b66bf071e1e56037922955597604d4a80908d4383adc832dfc1656644b72f11f
SHA512 8732db318ddbeb19a88b3d36fe9b0f15249feca7807c802a3101765762ba873501cab3bdbadc33e1c1365a5038979460afc2356c933087e1e997f6e5cd6f5315

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27b56ddfa12cbeb9a5c579b3e00dec46
SHA1 dcd40d7e136a3eae6c050416fbdb3de4af4c5bdd
SHA256 d131e0145db0304d9f9fd4e899fc043d2d24ce28a0983b281870c89d8f77e32b
SHA512 a498fee360d4766d6c360e5151a36410c90ef3b00d3806e1a50eab07237e88532b43c8233db8dd86aa335c43611c004fc7ec21858665dcc60bae010d2d198d77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\48\{03a4345c-508a-4bb5-9462-d15eebe12530}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7edc4a5a060790928b66a14a36153668
SHA1 9fca3929d00ad04778821ce3a0cd868588847754
SHA256 9c0de2fa36b904497dabcf07adb88d1a871d5c7f576fa8308938a01133701525
SHA512 c2705d9c91ca2dde02da79919ee3c5f136055831c3ba424242d23b4c20786520f4dd9a3a6dd83db27f1d7dbfd99e8d2b4802f378a70e416500e9eed30f5c91cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\4088116773yCt7-%iCt7-%r6easdpco.sqlite

MD5 ce491c6365c9ae5edbdaf2f4c581ea15
SHA1 1efe4a9cab0532395e57487ecfd337303dd925ea
SHA256 1217d1396458aa0e00a85d4cb0162f1881a94c0180fbbf9820bf3b2df12a516a
SHA512 ff6c67e906451828cf4441f46dbfaeb06a7f02fdf088f387de60b5a6a658cc90dbba822ef1b77d1fd26f61e7282d933e9e94c044ab72cfcf3f80540451aa2a59

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 643275453076672fa0d03bf295b0cbb1
SHA1 dd48ba4de8b3d3bbc3ed741baf74473afc706698
SHA256 acde60cbf592d90435255c160c60a6a2927a216d5bec63fb934d3a8a8cd869a7
SHA512 3ff996936e49fac6eceafc3c2564dec1161b8a51dd86cd665847ad7769bffd2bdf1438d456565b58dd5d24dccea92ee0270819cee9b8ea1890f92a9c2513b545

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bd60f1cca4ca5a488223c201201785e
SHA1 8193f48d59b6f2d152ca52c6801c4e3a13a51baa
SHA256 129f75edc7758fd8a175383c0d83c11a32957503e0e8c90be5e3672b25784013
SHA512 a4869ca56c1cef696b1498a0bc03e46543c74b56c0a59b2c9e491889d0f465431c36c23bf221250713b31c69ba09590aff6dbf3bfbaf06c9439ab387af579d38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 796f0ce5aaddb6b66aec8b2951218255
SHA1 61506174a7af31acbb88480d1e69bc45da7044a2
SHA256 3fe1113f646d4c769bd4368ca84376558524f35d1d4eaeed4465b40e0fda3bc8
SHA512 d2f0c79566ff685b24f48542527be63a1fb147ed2076089970aa330d33d6a742ec48bcb0878504c71e97ab9e4f4807a0bf9e7a291f4d3805e9955eaf3a112eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58468a.TMP

MD5 13383deb6c7ce7ba232ffc185c19a1d9
SHA1 b1d50ea5f4390a66d518d3b76768b1cfd926f772
SHA256 eb3855cc7448fb732cc1aa3e75e854111fc9e668df0194cedafdedc6522acd57
SHA512 0c44e0ddd2b0bee9cd6192d23c261bf3d4a8e241f1115fa49c2ea76573f206505528b8f74fd5ff248801d189b560982f26d130c1be28d9784a54f3a4102363a9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 50ae8859a9aed3ffca38f867fdb9a92e
SHA1 d55dc1c27879949efcfd9ee49e250af126fe44a0
SHA256 2dce700a3ab74647e86a227784bbe3edc28c995fa27e2e73c74300042f1978ed
SHA512 1f763f936d05eac9128e30bcee2f6c8e36b4aa1b47a21ae5c911e32aa180c2f673a006c9e7a40c635fb46156b30a6aead386130ce7f175c1bb4ac1570f6312b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb1029ff499c92f616ec0246f83994fb
SHA1 b385058e29f83fb4b972c6543ca5f46518f7832d
SHA256 5e72721d908e3b2a2dffb1c4c708e3bfef56eb8972d053476cedae3b826da773
SHA512 78b5d6c5bb9a714d338e96e094ffe45fe8b6567f6ab2cde35e6e675d4e98a2bf7f476738ab8e27e3eb783fa0b7514bfe4f4bba7ccaa35f2143e227b25ef62fdb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 19c0a75c0cf10e577b843e543f09a0d6
SHA1 cd88694e3d9704707ad8c1e754b93379184ae9b3
SHA256 f79874516ef597077a29f28195aaaecc976371c721ccf525b8f420063279f920
SHA512 c48a7517b60f7c3395aba48e145a09533b992b872e2a8b2b1162eb12b5ea71f0f69679b5e099f12b871cdc2864fd4b704940dbb765d772ba2fc599b1362ffc60

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 4c8a1dcb779513498ff3304069f0ecea
SHA1 64bcaf63f456760d8d5240e7157378a609a7f3bf
SHA256 7f4bb9ce01643bc68ab517a6cb954a16549bdb6c51c354d5f9eff68f3e4a504e
SHA512 3188919c688e2acb9127bdef10871f6240a75ad774333a918fb3d6591e94383d844c2fd55aa19e80dd9b8d25f62055df19fb4fe8d1630beaef19991f453f6bae

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S9CQTYTV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 345b07cf7edfb371e056c261742bf3fb
SHA1 4d3f0d8a2235da93997f8a20ca4e4e451d230861
SHA256 6ff6328499f40dd701487dd5441bd098b0ac2216944d62b573b518004a3f8dbc
SHA512 c48ae5ca7ea63de2916e68f1467da56a04de23b5d3c7cfb4d029ed6d47bc70cf6b2aaab41742e1c775df30e973aaf0cf0c4f20725bca14e8a44e4a81bb80f7c6

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4997fc9a622167cfe5ce2c062235c03a
SHA1 03aa36bd88563c760c799f9e553b7f27eda41aae
SHA256 cddea7bc89d96c7c4d731e5af84c8836e96141ad663903e74988999e9c6399a7
SHA512 cbeb4c3641b91b45de1bfa4bc42af1d344360291c54873173975dfd05897ebb08c6c2ccee8959efdd1c072fcece00cd249768cad3f103085f0a18939ff7773c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 563389e47deee7d87c9b2e9aa662d962
SHA1 4a4ba5f474386e3a195007aed275cf97b47e0978
SHA256 5e6185faaefecb64a8124c6818974da10b7767b8f3401e4b1e23585b5f69bf19
SHA512 9f951d64c7e4f68d80acdc7622a174a3e6bfa142c66e656e21931f858c96ac66d6ec6c7ba9adb03ba362b40db47c6ccf8447fac6be84d9fb899fdde8d0572879

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 15a0dde7b1b56626a902bd64a3856e9a
SHA1 dea856d568b34e1eb917bf67f63678fcea01ae41
SHA256 8dd42aeb030f8bf30307b15cf8de59115d715893449191d6b63dc9a133576809
SHA512 6a1b2b70e8d89b6aae24aa8169e1b760611d7cc1c73e908779df84cf549fb533814b4f81da4b7359f17414001010e50807fe0eccb5acd17f7f867d1476bcfc90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 489fb59e1beed9c3250fa49d75ad5d5f
SHA1 64aad5b1fd823dab3afa0612d3e726bfc70ff12e
SHA256 0ae0fc0c9816c4594c7fa6a35f11512a48dc391f09bb721d116a9a99f40c2fd8
SHA512 c8616e48444f0e88e3b68cb99f4e18f59d2343957ee72bb2381d348eb74f51ab2d06c427e0b2b478d183501d2f2880de8dd28735b1a5d3140f9a446d01c881fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b022966042be79afe82755e24dca94a
SHA1 e0e15fdc0e794f27eee6b7c683d633ab6d4ebf8c
SHA256 46d859128d83a2148c31bd450c1a850125116ac5467945540488289c406f0426
SHA512 bab2d9135a31afc440dc90243e9439ec074bda95d163aebf831f95ec29fd9919ee351ac4f24b1f9c957523caf0f9d8ad22fd13a450580c2f6ce09cae6086bad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 daac500669ad31f09d0d7e3ed759e5ad
SHA1 0197416dacaa439d6fe5142e80b75f33780c1bb8
SHA256 26c254d5c3b8918dbfd5d4a851edea85a7bc827d85ba02e510cdf88787078db2
SHA512 c0d4f2660cc6352b662670ad420171e6651e13caa8b1e627643a61f004ae39706e2f8ed7983d4bd30d6c29d9c519103e5041002a7f6f75d23f289faec8b8e1f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 123366d48c913fc975f06aa6a7a2dce2
SHA1 5b2d4420460e84af5ad358a2c067363b8a99f7f1
SHA256 49748cb8a49b64f5800acc69345b8c6b2326e8af7f9a58c754228b2d4fd4e588
SHA512 0811a7c5caa443c2751766781b92bc562a96639cd4a8bf04614be418feadae68c5f47b6af034820a7ebe3f6f25b9947e01ba9937f00e92238b08bcc0c3543318

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7dd968b36fefa9010e07d4b775f84063
SHA1 f12fb0e3565937a499d3809af719baa5a5d14bc6
SHA256 bfc63c247b4280ae0bddc829435c1ec818eb39105957fa0f096b448038d0e939
SHA512 7b08fb1fd99a5cf07eeecdf20be542816a65924ba86798b6e5407a51e54516606d2ef89a5470e6eb03890bdd47d8dc3873573682dc0b2923d06190387938454c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 203c393fca1142ba3574852c0d56f09c
SHA1 7c13c9aa94354d9fad83b8c2f0b19235a97310a0
SHA256 f0f3351675de6be0ec39af7529b08eab0e103e985f369a9aecd1ee1932a08444
SHA512 7bc8a2d179bafeee06324cd97c6c862d767009014e2fb1cf37ae9290124c0a8784e41ef95d66ae6936ed8d95b73d8a67d2348cef8939db475f4e585ab0b2ae0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d406a2263284079eb85446b85db2d9e1
SHA1 10697109e3ace31f99a7727d9239563f6dfe4fea
SHA256 594a9884b63ba7c3ea49da3baf17877a885e667052fd705780fcf4b6e017d72d
SHA512 d9b94dab902a170ceba409be47279ce957c6d2c8175f0b5203c747a4a51e9d10295dac190c8c5a17bb40a4042452e8557e5bb091e73b7e306248c202a7c152e6