Malware Analysis Report

2024-11-16 15:55

Sample ID 240212-fsaxesef84
Target e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052
SHA256 e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052

Threat Level: Known bad

The file e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:07

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:07

Reported

2024-02-12 05:12

Platform

win7-20231215-en

Max time kernel

51s

Max time network

293s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0083987f715dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8ECDD01-C964-11EE-9673-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000e3c665f02fd0660458d5ebdf85349c7ef585d17b95c7898f7499527e5f6da23c000000000e80000000020000200000008344d20eee18180f7a056884a877bc35f392576aff29baecf1cff620e7432fed2000000052dba01d5f5a7f286bbf66ecd02f2bcd5dd4682b16f0bd8daf2f4649ace6f75f4000000060a96dd2d570095f87558430b5015c24f49e2e88490e4df288b9d641ed5ca6451841a3ae64477dd8a24db7a1c785f4272036f2cd8b8a6febcf3388ce3fd19183 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2872 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2872 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3060 wrote to memory of 2676 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2676 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2676 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3060 wrote to memory of 2676 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2976 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2976 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2976 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2976 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2784 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2784 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2784 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2784 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2872 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1200 wrote to memory of 2132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1200 wrote to memory of 2132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1200 wrote to memory of 2132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1196 wrote to memory of 2448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1196 wrote to memory of 2448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1196 wrote to memory of 2448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1952 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2872 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2872 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2872 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2872 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2660 wrote to memory of 2140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe

"C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6489758,0x7fef6489768,0x7fef6489778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6489758,0x7fef6489768,0x7fef6489778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.0.925624470\174144147" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd29bacb-8dae-4482-9cee-f6673660cd8d} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1364 101df558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.1.584865648\1603836874" -parentBuildID 20221007134813 -prefsHandle 1564 -prefMapHandle 1560 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7130b056-47ba-4ea4-9aae-ecee5a4e3b2e} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1576 d70958 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1316,i,10069540174170939077,15938842520733656013,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2612 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.2.1230557993\1165147641" -childID 1 -isForBrowser -prefsHandle 1296 -prefMapHandle 1928 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {932e1aae-03f9-41f2-bbf8-b1dadf7a7f46} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1972 19792058 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2576 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1332 --field-trial-handle=1420,i,10001711411355604257,8981308083112222105,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1420,i,10001711411355604257,8981308083112222105,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1316,i,10069540174170939077,15938842520733656013,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.3.1797584911\63926485" -childID 2 -isForBrowser -prefsHandle 2700 -prefMapHandle 2696 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ff2b120-83de-4a7a-8279-67cf1b0e5ca9} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2712 d61858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1708 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1320 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3488 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.4.1118133743\245727377" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d6c5e8f-fc4b-4e68-a77a-a915383a5fd0} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3804 1f96dd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.5.939175952\1819772293" -childID 4 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {163981ed-b0a0-4db5-8a1d-dcd20e1f7608} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3916 1f96da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.6.1156324053\1168778253" -childID 5 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d74c2a5-355a-4fe4-9b45-2ad26b29bd8f} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4084 1f96ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.7.1748979348\1723417666" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4200 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d53cbc-a656-4d31-84a6-533f3adbf5d4} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4000 20437558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.8.1583759544\655664563" -childID 7 -isForBrowser -prefsHandle 3932 -prefMapHandle 3928 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4cd7305-fa76-4868-9091-2f7142fd0b52} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4128 2043a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.9.918579046\693331333" -childID 8 -isForBrowser -prefsHandle 4508 -prefMapHandle 4512 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {faa9d953-fb9b-414f-ad47-40dfeb63ed1d} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4496 2043a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.10.624099217\263487275" -parentBuildID 20221007134813 -prefsHandle 4916 -prefMapHandle 4920 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb24805-8cc8-4fd3-8110-3970e244ed05} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4908 1b49c858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.11.749201413\2006213490" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1282cfbf-2b5a-42b4-9da0-3bcdd2ed9a2f} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5024 2019c958 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.12.2038250356\879197118" -childID 9 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fbb89c3-8203-48c8-b270-91a86d506d09} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2740 1a909e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4524 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1268,i,352663624165767799,5099845462118338722,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 rr4---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 rr4---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.9:443 rr4---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
N/A 127.0.0.1:50123 tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 127.0.0.1:50156 tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 play.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp

Files

memory/2872-0-0x00000000007C0000-0x00000000007C1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8F19FC1-C964-11EE-9673-F6BE0C79E4FA}.dat

MD5 5691a7d66bff2377450b01b8f4e569b0
SHA1 90cd5a1c85bdbcf10ffd4cfa05eae301f3049f60
SHA256 c5200d89f621139024be91ee972f47303b1ba8db7513aa2e25ac40f77c2eb8e2
SHA512 e927facfcbd15655c65b7be5d7793da1de6e2686e33efcba51452ef3d7db687d55b3254c2f333cacf7266db061f2b6bc3fffe301556ad98626283f04d06e6713

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8EA7BA1-C964-11EE-9673-F6BE0C79E4FA}.dat

MD5 af9bbcbf0013a02d9aefb502b915915f
SHA1 5d2a287a935f48527df146e689f4f57ee678f44f
SHA256 28ef8dab01b70b56fd98373badbd72d2e29ab27b6262718eafc71e8e6660eafb
SHA512 154264b7b404c5a161eaff7d3122f482db69c7e71add56d64357fe532a3f3aac6464fee43c274795fece3ce9bea0e07e414c0fb7ebf888e211136d0568232441

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8F19FC1-C964-11EE-9673-F6BE0C79E4FA}.dat

MD5 196ac46e681531312e4fdfad4f178a5f
SHA1 181c490aa16571eecaa64ab4c17144aeb4a5ba80
SHA256 22779c6c7c3b074aa2a638b4d4092a122bac8764c8967b5253ad5e301d178309
SHA512 4befa6d8445d6e0b81f4457e860abd08fa32a13898c2da65c120780ebd8525cc42b3beecd56a8976667fad800b5c880905b40d6317d67277497b034ffd82f552

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8ED0411-C964-11EE-9673-F6BE0C79E4FA}.dat

MD5 6409738492a2e7242dcc1accb3ca75ac
SHA1 673a3ae73af0b830ddc7d0f193c2cc37bb6d71b8
SHA256 017f6531f5b5ee193815c4851a353733fc2c1f334be7731121e410c12cfb7090
SHA512 a9987998ab69b98d067887297b8202b4e42880d9546b2c9ba90f9cfb4b8c394dbc997e6ef908e7fd831cb5524cc77324c2ac4810ec82d38e2bfa164235796400

C:\Users\Admin\AppData\Local\Temp\Cab4BCF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4C6C.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f6d38556e96bdb48719f20d3648283c0
SHA1 669b2a387561e11322bfb9a3824671860512ab40
SHA256 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609
SHA512 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1c99b3fbfa1e6ada299713af3f19d90a
SHA1 d44121a1ca0f2a05ab8b9bfdcfe984afc0714c5a
SHA256 835f5b827b8a578c461f48cc434284ec2a21a4eb59111192a086b1e520befe7c
SHA512 66507880380256abc6b46cb1417fc3df7937ee3daeed4e3b40376944c2b0b20bb38912d20e16296067b5a4623842bae13b1fcf0074f4c303607b881c3ee7122f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 dd5e8d8d5e4e6024a5d8dd8313039644
SHA1 63fdd921dfad38d73983e8b7b34f730b1fa33500
SHA256 95de51092c7a9fad6b56481b39a0625617230698a94679c4ff70e2aaf1e87189
SHA512 16f934dc2e1487e20ae7ece5ff36295e6bc01cdebc901f31111c5b93b2675969aa4e21f9186d390fe727193c967d93ec6b2530e6a5bb9e6eda11bde20fbc1a7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d3cb69445d56fb2bd2fa7e295ff7684
SHA1 e63e981cf3704fbe6b252dbcb0831745cb5f92c3
SHA256 ec61395f746f2cdcc53215ef7773aac00d385e68d4faca6410ca845e160fa7cf
SHA512 096f8912978ce5d78ad6ec57205c27e9aa471b8fad8a4a34d16be680cec134840fa207d13736ff492d52fc45862bab7f390eb53d11955bfcb478167a33c25a1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 07d36278e58bbcb327de76964ae5e7fb
SHA1 98add8bc125da7b178b3f5db3dd82ababe165948
SHA256 54e6e40b92e43ac9b245bef2899f913dfab0d4fffdbf2e0e74ebe7780548033c
SHA512 eb4b84aa95bf83a2e1a6867b4f5c775ef5108234511e752062f2a29974388f9150bcde4ad37fa8fc01d6355c64e8845f48aaa9ed76e874c59786fc5ce9295e8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8db4b7613058cf966c8892274529d4b
SHA1 f1215608aa32f24dc4c53e2d65396b3c3ded1af0
SHA256 461a07094f255b8df887763a733db18e116123fee14f3687e76e54f1e5aa83b9
SHA512 5392f1a4c964cb511ff2bcecfc9ac992fbb26da25072f53fecb9bb0b3b904e84bce857ad4ef9fd5943022716b8099c7baa1fb5c36c10b6e75de1325a751e8826

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4eec9a2f2c011cf285215bc22b6b1eab
SHA1 b1d1f8d306f0bf2c6125f107cbcb6717958c6f30
SHA256 835d3540ca4bd35821ae79b61d6b36c40e9688e604d4506da08a6d6a21a0e7ac
SHA512 6045f4e1b523a29deb31807cf47a2411dbaf5587a3e60fa26e98135507d84c57fbdf8fd7f1cfda7519fe3d539089112a0e4713f651084ed408368b9dfd2e3d7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 eeee75adfbfd249f6a89781eacaef063
SHA1 f6fa5656b2695ffcb262b66ba12190d919f6e7a6
SHA256 cee2ea5a6e144ed6a8306f26a1feb94b77e3b3d4be1dc6d71ed3833d504bdde4
SHA512 78afc1aafa191a3c94ed33561c093d2a8ce081bb51ce5cd757a040bd3acb549ede3557f8a3b7bd7c85bda1d3a44a2ef23a3fe6ff39765b955be6d90876224b01

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 0ec7331958bdce60dcff0a5640fec6a2
SHA1 591c0aee8288911080e5d8d52fb1222eeafe33a3
SHA256 991e3d8a6d0c3e40964483c0bf3fb92d3220026edc7c155aa58c352c6de8e372
SHA512 e496e06eb994d503d6c4dc9c49f0dce5aa8b9283785c7b84dc71f8e93b49f064252b0beec8685970f665793266d1bb22cb2fe35311c1acab149c5c31ab6ef90b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 93f1a3e08a37a5cce0aff632d3dec4eb
SHA1 d364e71da9723d6e8e46daaca6bade6c8a6ab416
SHA256 b452724dd2a271543e4ec997aaa66e7f1eb1ac92db9f9db3f77ad163910926de
SHA512 cb1fe722a8593e03c98b85a8db1407bdb715221178751659697aee477a887c15da4ddd10c99271e4df7135c3bd2ba36628da6326e4f3d2ec2db9bc8a30e1c1cb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\D55AOHQW\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WKSYHX82.txt

MD5 b42170412479e9a3bfe85e42b5877dbc
SHA1 9d8c63aae151be63eafd9690c3bc8ab49f2730ef
SHA256 73d4d39551073859e156cd2f4f958c69ac3ef61d53748588933cbeef6f136465
SHA512 641c36aa52fff14b87295dfab37837988485688430b7ae547d9fdf865610eecff64671c098f9beb23814bb986240a17974b3b53695e894e90011278a417b180d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 4fa28049fbb26dd67c13bab9b99f6cfd
SHA1 a59e958ab646941c9ffdb63ff749fec56c3d23d1
SHA256 de11a0ae691bf3f773db3ce967521e3ddd013fda468b29372778a8573c2ce51b
SHA512 b1e9b361491e47aff922f8b4b4e543895b262461aaa76f33172b2e5f07f9567900b54044443d559f5f20eca7bede1e131aba419872293e14b96192f556ac0cf9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 4469821559f99e9dcf07db634b7b2b49
SHA1 6d34266e753ed5970780026a59276690bef934dc
SHA256 1c7cc02846660c1e7a6c2be242c9dadecda1b210fc83d6bbba1b27956bd12dae
SHA512 c12e50d3832265fba3870347d116e98b79ef81eb279c7c5b4de5c88be65e518aab2f5dc0052c011828cfff20d4035f78b7a41121e91145467c6fbf21a9d99e84

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 d847cce0b996daff02c3382760de6a89
SHA1 c2dc777adedac75dc516938e59db1c2b2d832c7e
SHA256 b7023571f3fef409d233a9576e730dc5d0e80441ac54c64f09e20d9610143043
SHA512 e03284a9ea67fc56425e6e6d0ccfa5c63e083fcd9d8f24ddc2a260e2cb6469c7a051fbd28a7ef0010dee41737faa90ff85928d38544abfa1fcc943325e5e8fb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aab20d6df1161d3eae72b7c814f521af
SHA1 484b8eb2571b5781c9851228dd6762813b73e320
SHA256 0025911ea9c60de7c50f51d45f85c7887504c7f5a4992df09ab0e39fe1a3d039
SHA512 6951edb635b0d813eb7507224948d3ed165fcfe68aac92a4e34aaab902c53f6d6832c98d6015fed446f120b2303845f8e0dc4a2d6fd01b406dae6d6552158ffd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9ffffdb67fd0201894d7990b2843550
SHA1 db992b7b906b304489e6927740cb482534b54b95
SHA256 6b1d4340cde50bf9aa082599016f112cb419d2653569af17391a403bb2bda117
SHA512 494efb43af39c4add79ac5d9b17b9b2077a7ed2fe067a808e80e4a11d2a63cf8887a32d2cf01c6af98d325dae823283f000c158c60eb099163a204b8476115ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7efce6f92e73bc5c4a26d0379fa9c65a
SHA1 f0c07ec218440e0635f062154da2e2f8239df3ff
SHA256 8f0c5a95693664ee6155a332ce40eafcc7eb812192d9de1d99624b5a2cba0fd7
SHA512 784b93d59d1ba77a3a82e4410e7be01cdd5c24630d3a8ca387634acb9656b5d2e3efaf60f39c2c21a93a114d3df29faf4567b702e3af7d877bfa03a860e200d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 643ad4a274f646963b38e538d3ef328d
SHA1 ab30254946c9f0eedb7e15f5acc61be7e9a0da91
SHA256 ba6136895775b4f94ccefcdac9197ff16ec3f0e05ad4c89974766f1bf0f8aec3
SHA512 53c24f6ecf405093639e3223f2a347903d6cc07b7cc77c8a644aecb0e23da9903378fe9b6b6452e79a13f2991704b9ae75443308f816fedadfbac5b4e5701410

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c0c957be72168238eb0c4d3b6996284
SHA1 deec4494246bd58ac480d1c9feb8d2f82312a128
SHA256 ffe95146e5b52b173b1b34c12346c4ff7bf8cd4ef3cc09bd04ed9b9e90c22944
SHA512 198cbfa034fca82b054c50cf3f6456c3d7a1f51719564dc409534ff3f7ce1d0e205dacd759401568400af7822c465a6c0e5f4d1ea268dda21510461f4895bf86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41cf0312433f13a1bf24321159d39c71
SHA1 e7581d8b1c9cb201783fcdcc3f7e99b71cc54588
SHA256 6d53aa1b6816413eb4f645fc7e6cfbfa4eb554cc2c7c7966624e529ca16336e0
SHA512 96048bbd3431a5ee85966d2c7582f7b185194074be0c367ee42d979b553dbdff5cfadfa6c3c400ea1d7fbd0c6f4e2c764d34cf5dbdcbbc148d67e11714092bcc

memory/2872-855-0x00000000007C0000-0x00000000007C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c45e0616ec7c6b20d34f0f14282f62ef
SHA1 eb2336c1ba44a8932127f515d4f9e218c5379aae
SHA256 ee6a697a8106b3fac3486f60d6e5f0e42045f873c97455f4644a5f070d029132
SHA512 30573e4fdfa88c62f6f3a30b265ed6f794ec5e86a528922d40ce273ad4c5108b56119e63eedd639f7d9c29c36e3634e3e9800a0212d569838e01d10051b666ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 149969ea06f98c09ca097bb7ad206e0e
SHA1 6389985ff82c89581952ab2148e89b04d695bc35
SHA256 b32d1d334556aeb6d263b6f2d631423be7600b89af2a2852dea6d4db9c321ebd
SHA512 8e013c04816b7b7e22998070aa593c664a4955685dad257016f1eb637d6f5d591db38658ef5bd35a82cc57a3fb68eeeb7c2f0876ad95d351c8e2db9147141f33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bfd8da92-8d7e-4d4a-aa15-ff61054df573.tmp

MD5 f3cca733548bf8cd35821d1f2b18312d
SHA1 6fcb23e60f6ac3c5725fa5e7e14d6644ef871b53
SHA256 6db6da44e5dc9d7a3d3f9a143151fb4738b8d8a6e402801eaab402e4a0781393
SHA512 8147a9f91336edef313602806440a47c00c8aa0ae0b2ac28a376a15b3d7e72edbd542d28198a269bed99920f891ebe5e57b7ca3633b8beecfd1b557a0f86db12

\??\pipe\crashpad_1952_BAJLBKXBMDTGAXCU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\d1368565-8b67-4e6c-8323-8e4566934d61

MD5 dbadec04b9a8fbcca3dfda61160df3e3
SHA1 0d71b69c48e6225ddd1f47de523b5a6deb046075
SHA256 9f6cd2f7accab07f721acd95c1fe5e7aa7ec60b2a8d48aa6285f7bc5987aa322
SHA512 2b344d02b58461b9dbc815c03f85640c17efd6780cda451e244f3537625afd28e0b2beb275b598d11a5609db693575963dccedeb1fc18eee663ad0de8c943cb3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\b51ba231-4697-4f79-b2ce-d3aa4f280376

MD5 85a91ef8e50e89b5e7d3674d991da5a5
SHA1 1897b764620a84e93be4ed2fa31fab93c0bef606
SHA256 5bd25da199e4ab9a6fc5b2c4651e483aa6f52aa135617676154432560273dbb5
SHA512 13b889c022c5f6ee5bb95e023cce00258bbd08493eafe6e04c5abe939b57d2a68abdc99978b54954172743e6676f1d31cea654d8ff6357252942d847bdece44c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\db\data.safe.bin

MD5 3c7dd803682bd70985d79922a2f3659e
SHA1 98a094a5f2a2f81cc10c02a6e872a4e8779d54e9
SHA256 1f80f4f7cb0ded0ec45851ac88a37e27774c353d028bc9f80a74054f33634f68
SHA512 659ea8982aa1bd24de2f91358e71708bcd06e58e4f2b95ca59c9f1d24a238c5705c022e06a8e75e052c510eb665e850161c010cf92bb7375bbf7d1333759d42f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 ce017f9a462b214598474f8583cf29c5
SHA1 742eabb5bbfe766fbb7870d7ad7b6f60f3e4606f
SHA256 646fad4660b59c9b795de2479ca4aded2aac71b9fd2c35913789ce4a7a161d39
SHA512 62e21de8acd0e7cfcd7ad685bf83e25e801ad3ecb62ec534aae7c17dd954971eb4a9c4224ba0da1f5a5df6279702778bcedd7bedba1affdb30c4fc4ed906da61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 40b956363fb59d1b6435e32953f5ddba
SHA1 1132d6c07c99127943dbabe1888e843a5b67dca3
SHA256 3fd5f30f11f710883fbf266c38857c7c2c812647d36123a7c5937914fe536fbd
SHA512 e9219450f262745fd391dfe99ec32d67696ce4e635125f679cd208c66f204c60a03fa1ad736b98315c4b5145f9880ee8dd48ee1e8410c2bd7bf8065144325339

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 81e09c972b3b085ffc3005d351b9f9b9
SHA1 7ba4211d6beb6396a4bb68c702ee1a0ae81af68f
SHA256 7e65525060ff33f70737d0fc763328801dc60ae1830055626217347b713573a7
SHA512 ac13844477a3d7e1dd926869d3295f6fa5cac58a46b286df8418e70632423a5fc781acf7d4d5ad93d2963762b5e71f1d2e555474669f6c61fa9fddf1d14287f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 36e36efafc20bc1b6789371de0b011de
SHA1 49fc07538f9aafab3bbd46ae8e2267f523b73e56
SHA256 dd0b60696bd683f87e17210a2d129ff4cf4b8563a9b00b9ef8a838b609207c42
SHA512 c37f4a507c3049f5366238fc3442c94efc2d6ed48cb0417001d7e2202e50081369f6f685c0128be614d71618ba9b2372fbdc2a4a8159fdbea60eac059543c841

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 5f33d47b84834651b1fffb6ff8773c16
SHA1 ed8f666fcca22a110bd4092ca1c92432a33ddd54
SHA256 f31022b9981bc2de93beed27e9cd4ef2254a0c1ea3384a89d3c7da8507b58ae6
SHA512 2e5aa3b2a67f1472eb8944af6355bac1df72cce54e5f9157a829f95d4029fe81418a63b6e382d68cb1d819581a7902149f9ac6ccff99aaf7592dd40a477e7f30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 8679d38dc91801d42851252414082da2
SHA1 5ba12a477c265124466f9bb4e8b696888c961bf5
SHA256 f962c449172fc68b3a275a9e450f1ade40fc6078209f166083600112baa6e82a
SHA512 c613beb4d12f437420af16e941f752359996716ae6ce5697e97371ba48dd1d176d9e8a3aa7648e5423e1c08e577dd0685bf75062e6f01caab54cc9f136ceb6f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 945e2eb367a00459159a231570d09fa3
SHA1 8bfb4a3e201a50f47da969ec478fec0b58b1a674
SHA256 161e7540ea81b0c2642a39bf4b1d1fd6b1251f683064526e57af2859a6f1ee51
SHA512 642632c4b59a3ddc6ba7029496ffdf2a26de2cdada9c22a1e44e51af1a2a1b6bf70bdd60947887bc8abaa252918a036d8cbaa7734c4f01f37ae11a5665715892

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b7fdfc050a74dfecbf4834ed5fd8392c
SHA1 3d124888d65f80484cc3e5d9b43ca05d94dc0bc6
SHA256 261d7591c1c63892412afafedb0fda9d3180595e256a59e6e1a96058fbaff88a
SHA512 dc685518ae0c203f4f101bdc8477efed869345bed5ad22730babde1ef587680a046bf052342e6691a3412a10a4ec5c17ddfd98224d771f09e8378b36a70f6598

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs.js

MD5 7d1c3d7a22aa1770f5301326d3513e84
SHA1 0cfadac16eae2cbddb29e1e5e06fc565a33cc4fd
SHA256 16dd778296c00d6c0af9755c47685b4bec6e5d20388ac78a132728e9addd8a02
SHA512 fa1999334bcccf6735feebcfab5977fecbdc6e8ab2a45a8175478fdeae111134797879769b0b8007aba4ec1b2846a4301493fc1d44ba8f89917a7775153c1286

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 746200f9d745bf424f3c3e4ed60cf0b8
SHA1 a55c827f6beead17cdee53a7259efde5168edcfd
SHA256 3b66baaebaff7374b4ba6faae06dd8c92495f77cc013b657db118eb5ae417079
SHA512 f939af267c2cd2977f3392b50a40f6842be7af20622df03f8eb9e8dca3dbeda88ede9ade2c864e0bee22dd70472173ca66c3ec1a2bc80764d718a0f41c4ff8cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 47c42e0fb6da08bd70de67c5dce7d6ce
SHA1 bc8b734b649b5cca45f4b9205538f97bb98f3015
SHA256 c3f814b626387f1427507cdd7de97d3d059f63bb8903ef0ad7d77b865c1e480d
SHA512 da7485f3a784b096dbb5f72f25810e2822e71eff3be25cd010e4eafe06d6c1cb15415471da89318d278f9f9acfbfda35710f38abbd16a2c86371c0b373d0d072

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\129\{541e852d-c8e7-4411-bd32-1b3b94e46f81}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\idb\2944216854yCt7-%iCt7-%r0edsbpfo.sqlite

MD5 2b3b5bc3a18f7e1f249bdbfa6852cad6
SHA1 59cc04b1042d7180d1b1d6bf4c935063dfa04913
SHA256 d7135cf50eed089a470147858726f4d1d0487995d1b940c253e983b9a4896c61
SHA512 d97f6a0c1044da28852717f635230182542a5fba128645d8d34a4ac82523d378efb534985baa8de88db887fd8d0f6455e754da0f56a3bc9543140b39799384b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dca0398f98e0a0302f96492d88006e67
SHA1 14f1daadb5e7868a2c3141a393c7b87c9e0ce79b
SHA256 12c89d35dff54e7e35e4a2a9ad59aa126c73fc6c1202cd57786197d4cafcf1fe
SHA512 77c6858da6030bb63da1c813e20e376b0a86711c2d3cdc4050e07927082169ac82ee216e72ec07502c09df3a40adcbb3c51e8980acca97269024903d5f27f0e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb3ed19c898635cb8599b7001b40e2bf
SHA1 bb5586a5c14e41ab6f5184365c1580006c31f385
SHA256 3fcc130a553a3f9aec2fd29547c6d2aa3d7175ec59f317bca70c317c38fe38f6
SHA512 ddbb3d5c17ff118cab5e1500850ebd47bd6b75e3cc7ad31b8e71028c3e9a2883fc556742ca2eae7ca5044eff224b7b7a2aeab886dd2352841b2939d348cfdc44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf771362.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 bb692a60f1c6a5b37f7af095b57c5826
SHA1 6cc43c65f5b6e34d8d121286eb02fb4a416da0ad
SHA256 62657472ca41d39abb0e2e7cfcb1f6c08dcd56c4a934dad989a58f0c922e6009
SHA512 15b1ba6ee132d5f8f7b5fc4d72ebfc3a2b341e1d5bfacd52f672f2734595e88bc7e998e74e91bf852b3f96688f8ae7f38c6ff37060ea70be54d31d385d93017e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 e2175cc2ba741482e8db4223ac827364
SHA1 2a400f429045f34db9f6136c4403592105ff0531
SHA256 0844dc81e0e09409c6d04c2b2c5c5198398d977630593a0150ad2a1fa442f8ab
SHA512 ffa838cca12287e132584832ab96af96bf086a4b35c31ba1e70bc4696cf4528b9819adc3b949c3dad77ac09a211e8d0cb867870019496b34b30f5139390d1fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 e0cfc86d6fee1e4fcb2ca7b79a374092
SHA1 1c441e7210b4534b6523724b2c1134e6f8cf274b
SHA256 07d7adc683a9590cf6582cce94e0425d43a44590adb22f9fd9de54a792ae8562
SHA512 9f10d004710526accc20988a118ad9a48b736122a74cc2f18f55bdca45bf631724dc3a582b0e7c9f823f9725870a9078e80ed0be5b3cc7a629ff980c9cb01d0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 8dba1030059c0a051491a85bccad695e
SHA1 1c19373c7dc5c388b26884b9146095e44070bea9
SHA256 5de42bda76cb9cc03487866621cb78532ca595b367489a8f9b392ed0812f0ddf
SHA512 26ed74980321134cfe68c3eec3232d3f01b162d5f1b074ce669a966b453c5885775015cd41a6a89fed9179c67ac9dd644c6b263da0231bdcb61a5708632f60f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 f6184bafee4be4e0179664a6696289bd
SHA1 5132c2d40587621f20faedd954aba04db32dacec
SHA256 c2c037e92cce291e16693a597a77733b8e2121a02b4394ea9326654d1d76a83f
SHA512 d1fdf95816dae49ff7178f68f92c3e94aec5b6d0e96f300f1763262674e888b4b83950f051471cd41c7974d4c7100e9439be13ddc057a0605da86f88c3f68d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 a7d020971edee484ea885fc4616e9b94
SHA1 8886c765643c22961bac6d7b2c3c8ecc81b06bb2
SHA256 b883ef00d35c211c6e80e81e27765a3a13cdc958461edb8c2c04841a8a6a44c5
SHA512 57532c64e20bd6e59771a201e5c35d821092813d6838b13752ea2f85fdcbe02cd22b2d318a4aa0f154e1490f89d6f7e5d20adf7211829c1e052fd5d7ffeb5972

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 56e3e875b29a0cae43b48737728bac29
SHA1 0a5a802c85eed15d048686b009b1182301cccef5
SHA256 71e4d8c5202caf26873b23c9e42e307a159ebf5c6f100359f76c1e31ae3124d3
SHA512 8fe62dd500fbc102c77051381916276548c941e9bcf71c5aa7f098eb2d99253b14cdd086bbcc02029b8e17cc706deaa5f796108cd4cb5f6dfa43ca2df9425790

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 3996087854deb58bce448589d3e48050
SHA1 fc58748309652eebbc7caf9926263a86abc90c33
SHA256 705dc3ac367ccba0399c7f6f5dd8dd0ec20ef0a83a4833e1fc2b37d7093fae34
SHA512 80d1351a99d86ab89e81524f30c01e9b5fc1d4b0eccb2f7549bf05e1a3495e01a5f85bed8d8cb00fe88a8628eb07c30d04c45bd5b204ca3afc25d31aed5998e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 b4e7b0611be0c72ef9f8d8cfb44648e5
SHA1 25919b50f907e6c2271531ca36d39c967ac52260
SHA256 2333ed572e03337e2094f3b107d0238edaac090a39ba8e225c5702d7b82795e4
SHA512 20624022fe7bce39aa3354778da856d50197f3e7242b788de51002655e37d3b369185359c9ca47acd1aaff707786ceedada21893b30161fcd0c75d9afff5f8e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 8cfdf88db90ff471a5cd8afd104ad2da
SHA1 d94aa61612b550a34a2838b9980511b95d63bedc
SHA256 240b24115757561090d8514cae0c5f01fea4de27b1e3c3aca254d87661abb5f6
SHA512 f4485d545c2017b9dacaeb2a15cd0c91f1c0d53883e9bcc2f622a3ecf26acd12b13ad541780fa6678e150784640875ff22c42a929bc95329b7c7effe676e17f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b4762e0adcea256a05b8faa8d5334daa
SHA1 178fdb2acbd60682149899f2dd2d6cd2c8180e56
SHA256 7cdfff7575a8e417a39251d13f06f32c86689f7432d1d075235351802724876f
SHA512 1192ecee7afbd1614065de4128a4a1f06039cae71842f6a65ea0c57be3a009a137ce81dd88d708c9fecc6ca768a2fe56849ca2debc5bc88e53f36b23a2b61b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3401e615ebb1d2683353265dff6fdfd6
SHA1 2a9a17877826f5f6497532a6b5bf4211cc9f18d3
SHA256 3e98fc78019a258d0dd1a7bd4fa940229a4224ed30ad3c6634a93c716f8a706a
SHA512 38310350572d08056fc0b8efe2f7da4b3fc4a6f68d5d42d991aaa50b32a3f4f8c2c61cbc432eaf715a7c63ca0b3c960db8e0dce7c888f3976bfdfbb01cabc46a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e5be1718a7a9071614d1e277fe1af896
SHA1 a31767ff2455d9a7d1d39a54128625bc84b70b7e
SHA256 63d40c72ae53de60ddd5ac7053bdaa18cf37847d73afd3f20eec0ad6b4fa2198
SHA512 b7d989db27b6a189d8bcac9a465dd4ccb7872f461ca4d1f46654e3354f424b791febe267eab7a458f4d32b1ab01ed55ae10b9d73f28c4d2fea4595e08661330d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fab2d322c4c456efae787c6ff95ce2dd
SHA1 2efd94c06e1ed6d270ea76276ffe83bc3de9502d
SHA256 df39faf211e2726d63b6af666ca313308b5a3a8341dfafaebe0941cbd3ec9414
SHA512 64d0af8222b7a76ad2d8e90b8db2bbf70c2ea79bf5c308a2d0994f17893c70ec0fdb1e51b29fab12cb368adfe4c7382fe4df3a8931650ab2f59e1d2aa34d3177

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 580a27352899f64f705c96b068417f4c
SHA1 4953e1bd4bd3b59247b3cd0225d3942e5ab6dfa8
SHA256 8d846e44a1d085995a4bb598458eca112ef9f668e93e37f60a4d48911a53cbe6
SHA512 7bc619afaf4eec950f4667ffc931374d3e435578d3f6b858d7be4915860ef2f683264f19aae335c41e1aca427f5e7029c085631e4d090b5d63d26102f61348a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2c8e39c9f5e48bf19e4d5d1784dc862
SHA1 a5b359de9b3844ad86f630a6a0a2550613e35d92
SHA256 f6ef1b9c42ebf447413fbe8db08531ddf0d0783b65ee82865622923b1271bf3a
SHA512 0c2d8ac686f3d4fe36e2c071b001bef5e166a8e0c4e1e04345c8e776e5f4bcf8a0c887f5a816e7c6f46dc140336335db2719f1150da033bf5e8f15dd6e6a5936

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 c48d2568ea268c644ba23f35c5fbc2e1
SHA1 7b1261e4a411c7742ff97157c3b8de43f24a3b47
SHA256 d5cf5ac9699bb746e37039b16c6eb249a3f7c19d3d519b3fd76af014ade453dc
SHA512 a482fe6f46220a7a29b4fe6194794b59da60dddb181cec6bfb82b78010194a87a660cdb5ae774c54c7be2d431331a08c1f3b8bfb820e4427058994e5556ad4b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b4919ed2d29227c4aa75cacbe3c6a689
SHA1 4b93e65c11b01aedf921be1e5b87a82d7bae44fb
SHA256 73367fa5be9271843ba57e0ee560e8fce0a0db71df62d3dd8acc4da1ada75a63
SHA512 933d12a5fcbc7c5b1816690301df6ce7fd0019e390c23d50c61867ed4974d97c3e63c2ce7ba2bc9ffbae69f9028a34041920a001abeb10fed2ec3fda78b8e4fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4be864251aeeb37eae959116846458c
SHA1 9f5c33f319c76f7e5bbe6b0abafa44fe96846f26
SHA256 ef47d0d449542f05cddc5574a7644fd9fd9ea2c81e92827bb740c2fb430c9dfa
SHA512 620c28e563198538e5f9a65272dc10d491441657e5b8783ffece651bc8e501252d87fb039e21b55e7b5fc4bc62e73537ae044ded4c0e9e2f851710f16f7c11c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdbbf653131e545d0e1cd70dfd363e7e
SHA1 b3581827aef30c7b5c52636c06d90f6831e79b1a
SHA256 15bacca679b61b51dfba77ae3c99b0898944faf3bfe3d470e370016d652a313b
SHA512 3da3fc2f926b648c219c1fc8288bb2f4bbe270cffda310f08dd64a496135e3d41160c339b1000584e50103340df1a645972b3abcd1fe79f35e1d5f01cee5c152

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4740a8bb20799edc4257fc1af6fa01e9
SHA1 9ac521b0d6cae8603924f7c1a738b14e10826586
SHA256 d8b54b9b6e6908669b99f9ccd2d6355d263baf0a71e2c34576a18fc2318de676
SHA512 63bfffe352dd1ef3332ec820a00bb0178d49f9e583ed5cda26258459a6a6cb347add030b759a7f2328d12c44650ff410aad496878ececd21d7fd07570683d4ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22295d39ba38f218bc6a966c5a5ca409
SHA1 02631ca79cc1814650294509ab77ede1fbb09b14
SHA256 2321bf908ae7eb127e91cec6aa76440b6ba6fda46a7e47fbaeb1e3b3c3f6fd32
SHA512 acd8845ac8fe037eea699abc68af1621a9c25ab5fb4cb7113651605f05f13041e768df536dea33eb1bf51c0c78892bb29686ea99ad21ea74692def5b1523966c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aec97716e812af94172cbe4999ac93ad
SHA1 8cc0e4da92b1c2d3f65e35b0c22369bd3f0cbc9c
SHA256 ee4d7418c94f590f7a9d169d493c76cc51bc94898b68683db6ce1ed9a1a2a369
SHA512 e42d00389307e1791b059ee64d8581301dabf8481099b1994b828d07c1bb3778e3f5ddfb53079e6af283b03ea85311fa5ee2f77f8e7c3a952e04fcddd06b6f96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ba76ea9f7c7e2d9ae2b958e49c74a118
SHA1 e735e23ded2feafe79a37af9500ca58be51f7bde
SHA256 c61ef43dba73c7c1bb39e90a7243e344d6de1d9f23ac751c7a8f5d0e116bf828
SHA512 d389a4a74161b1a5b65e9622232760d32c6108e09a7af473b28dc0eeac9dec9b6e24801c4cead340d626feffe5a6da0f6c002f276d62e4cf8356e555a37df8ad

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a8d3da8dd105d8ff9d74ccf1781f3d5a
SHA1 32e5683bc1a6f3578d74f6f7017b3255d2a291c2
SHA256 6072a87c5ac2177471c14541b4a670fd1d1f82ecee8aa4db51be3fcf28215271
SHA512 1065a472a84e69461bddcdc9f29bdc8a896dc1e356e49f5708f8ddd0b142ba18e0fd3ac4d947a255db1ad7b1a63379b03ab3dca03c0cffa4bc6114d3c5e8eddc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a1fdcd28cc4f336f041b837fd3f4cfe
SHA1 2b59094f22957f9001e18591e7fb5e4cb20d22b4
SHA256 809fb3e56132f7a6a4d83a585687bc356694ef5ab3b893affe0dda7af36cf7ef
SHA512 3c1a370da7bc62fe74e18701e9f8dbc4591ce94b2e8a882e3a9da848ac66d3b7cb2927a1d658d6d3996e304ccf0078003c3ec57cce85a3954f7a3f83aa991d6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 25065cb2af7e2695940b44e57299c085
SHA1 f9ad485c223b094bae9324f9fc9c656bc1e3439e
SHA256 3249cc601aff697489b62d831429dab485b675512420f58c275b4213e7e98ac0
SHA512 e99cfa8d2752b12d59de19644866e3b62db60069e6e3644e8b8cf96dd186a212301b89ab0d925fa2ccc97e1e94ccf7b892281bee2217f016ae3f66864d0fe28f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d7817544054e9027c020b9ac49c017c
SHA1 6052cad97694fee32a7cd872515fa60d1fc022f4
SHA256 dae8e30c759d0b20b38ead4f8ce2f50ded600367c85762b29e856091f17fd6b2
SHA512 03e46e1704c6131b357fa19b7e7fb26cfe308ccfc480083b7559675f4e3d1c21ed3cc2e38ceb693d64c8bfe09d44591a465dc36e8d62790cd4122752898e4588

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 230eee56269aa10929ae3fae60891693
SHA1 22d9903ffd7617327fe3e0765b9128fa51ec35af
SHA256 9f4f65e9eef79cccd807dbe5dcf932064c4c82cd851a117997e58341b16f71c0
SHA512 1ef37b0ab979764863dbf4b63b96d7a5ac5774335463a6eb09d9ef87f35d35cc219252cccd10b352d00fee881b6dcc108b10189a3099299d06b1162765a06cd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2aeba0381ed9f273a63440b45c395143
SHA1 709f0470cc220ee8ac447e0210f589b2ad31f93e
SHA256 7aa49f001e3d5d5cc93135a0697b0f1b700e6cd1eb60fcea4577d05d97db807d
SHA512 079510e455aec894192dc79d7385dd44b3f8d2b4a6001623f4c9d9af099e1b6e31c094a4b516314cfebc7f62beeab43a097c95c360da5d9f386bc95f5148dbd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffcdb7f703558c0b4d5a9d352fd2422a
SHA1 5f36bca0c9a2c8c7f2c4237d9e9a5dfff7284385
SHA256 edca775f95b898b49120a8cb57f2b7e1fa3798976f1f9ce924d36728a91375a3
SHA512 fad27ecde63d5337fddce3d69aa391af804ff74c39ad15a65a159e52599640e97e5a90a8488f5a69220f5cbcab0a0214b8192bb66729326f8c0ae0f267daab60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8e9966a3-7c37-4d0e-8c54-d4d57109b21b.tmp

MD5 dbcd3f02448eee26227370261337483f
SHA1 865ba9e12ff3d065a89d7a4da0175a40cb4b6287
SHA256 755c936ce2a89139fd86c997aca39186cc07c74e9fe1a34282c13144ecca8432
SHA512 0a913454ba221e59ce228a451ba0f86af06be0f84b1038852346a8697eebf7f7cfb294b096b81231c1f8b6818225aaf059e91d08cc348fcf2d9b895fc9bfce08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ca0437f7e8a01b93e76553df09f8f857
SHA1 8602ec06e2d5409b2ef83f6fcef75c83ccaefb43
SHA256 46e44dfa374c219376bec0746cedd3011ec0e3d70632117d25ae5a38d270f316
SHA512 b46af6183f08a3ee731a984c1c0408dbe94e3b994aeee22e1b0dc5c89cd3fc57f04238c02b087842cd827bee872f5458dee0eebfe71895b5ccf23ae1f6ab8aa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7881304eef5bf2e7f77ffaf5710eeeed
SHA1 b06744350c75c6d33d658ea6c99a71498eea76f1
SHA256 c32efc6adb63c047ccb8690a8e0856f5f86bb5c50e375813a9705e0c1c11dc23
SHA512 b69ff19e61adadb709e163586389a4d9e142ccd40ca03b5cb52d4b49d66a56720f32cbbb669c89eff88dec0b3983f165250a09fec6ad5e30e13d422d4ab6ed5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c4cbe4bf46c50c71d3bdc9ceea6ea2fb
SHA1 111846ccb1d36e1cf2b71608c06ae24a907bba09
SHA256 18159aa59d45fce4fe00ec5d510c4224ce36d796fa0d4151ae1fd7963eb3d446
SHA512 abb1279a70e447387480dca7292d51286f847d147f7602dccf1fdd47685650bbeed0bc44f048d22e2b9aa1bed4a4886bd10f851e717a7ff024b7bb3874f44333

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e63db27265801b702e861d3ec894501
SHA1 9b30c4ea13100007770bb332d8c7db4114c2bf07
SHA256 8f3649cf68745af2edb0f4001ca511abd6adf379ec137ca2e7330a97a2270309
SHA512 fa2ddcee2daa294e49dcb6ae8a46da57622f19132443ae5ed18e426fc0e107d37bb952864ad8bf492ab1e734d8b5a380b70ef6e60e2401ecf763e63f0d897c74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 65c0955ddde3f58333956f5e0fc16b8c
SHA1 d39136657746dca031df761fa941657cb7c0b247
SHA256 37b8b5cd6d5f5b66243ae1582368ad9dc2ad49b48c71d57942375f07c712c4cb
SHA512 2aa42ce87c7659556a2c80251c4f832d1683beefdd947c6953e83ab6b85e2a4486b5962a35379a47d75548965dc12e6a12f0a6deba48dea38be58b4e548e62ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e5a12450c5366ec6f1b4debff7d56e1
SHA1 e887d17c8256538e7508b0316cc80e2dbe8d6dd4
SHA256 c335446462bea4f230806c5b37c4b2376d614ab1e3334041a7885a8a7994a3bf
SHA512 281a51d573280e57853376d2815490e12642c173b1a80f0a22b732942541dddeb372b315cef859a02099b8de943df621803dba625dee9c9f4f53ed88d550c00a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e7b1aea786fec7d6082df5370f9bf83a
SHA1 1a5772bddcf661b592661f98c78038434e7dcfe0
SHA256 982653d9e229ab64aa46baf1ce5868f601592ea645520f83304bb79002aa0a14
SHA512 d5b8399f8102725ee7ee213476e988a194506b019b116f86cb17321a27e13c9b79efc81e2d9a181436a1340f1fc52a8c2ff3f73a482aada25cd19b8bac65434f

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:07

Reported

2024-02-12 05:13

Platform

win10-20231220-en

Max time kernel

299s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521883043714291" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9607c07e715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 41fa307e715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b103f85715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0144293715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414527378" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = f0e9311e9e83da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1aa87f7e715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 01680799715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 4372 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 1620 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3432 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 168 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6076 wrote to memory of 6116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6076 wrote to memory of 6116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 6124 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 6124 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6104 wrote to memory of 5184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6104 wrote to memory of 5184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6124 wrote to memory of 692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6124 wrote to memory of 692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 168 wrote to memory of 5224 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 5224 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 168 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5272 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe

"C:\Users\Admin\AppData\Local\Temp\e3ba572e7264fb83d87f0f0169da38d5d774f56562f13337e1ce164286fc0052.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd45099758,0x7ffd45099768,0x7ffd45099778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd45099758,0x7ffd45099768,0x7ffd45099778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd45099758,0x7ffd45099768,0x7ffd45099778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.0.2027252267\260191487" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f48eac-a088-4d54-8762-4537193936ae} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 1780 1aa9aaece58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.1.1239358721\454997870" -parentBuildID 20221007134813 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd72457-d759-4388-b088-05a73299a63e} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 2208 1aa9a5ee558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.3.1913209491\1168459658" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bb2a34a-45ae-45b5-823f-12f5eb567173} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 3480 1aa88362858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.2.2026523695\1990377337" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4278750c-54e3-4e4f-8293-0f24d45b7fa4} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 2988 1aa9e7f3058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1824,i,9195857780869633111,17031456048611714081,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4004 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1836,i,14255002726746820441,3985090203356826500,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1836,i,14255002726746820441,3985090203356826500,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1824,i,9195857780869633111,17031456048611714081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4836 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5108 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.4.940736419\656546267" -childID 3 -isForBrowser -prefsHandle 4536 -prefMapHandle 4624 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30f3c805-9a25-4d06-b3e8-8e9cdc514ea4} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 4628 1aaa0a99558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.5.1271056743\378662016" -childID 4 -isForBrowser -prefsHandle 4768 -prefMapHandle 4772 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16be8dd6-d308-4f4d-823c-aba4a18c0ff0} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 4544 1aa8835b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.6.1300798992\1220474225" -parentBuildID 20221007134813 -prefsHandle 5380 -prefMapHandle 5396 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64eab021-f1d2-4a89-9550-d8228194ae24} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 5388 1aaa0a9a158 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.7.1147060278\1240273954" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {927cf298-7179-4070-a391-b0474513f667} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 5416 1aaa0a9c258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.8.1881964378\953946022" -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5784 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43b7edd-2a22-455d-8bc5-40fbf36d5b94} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 5740 1aa9fd1d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.10.1028030950\28769098" -childID 7 -isForBrowser -prefsHandle 5908 -prefMapHandle 5736 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2aa2e7c-adf0-435c-8bb8-533e5a880667} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 6012 1aaa019a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.9.24023939\656599363" -childID 6 -isForBrowser -prefsHandle 5772 -prefMapHandle 4300 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {317c0890-3ecc-42de-86c7-40fdfa48d23b} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 5736 1aaa019a858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5232.11.1365623502\1887947179" -childID 8 -isForBrowser -prefsHandle 9372 -prefMapHandle 9376 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1044 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15455253-2181-4063-aa58-39b0a6ded996} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" 9384 1aaa18fb858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1800,i,7801627246021558476,10352464520326219528,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
US 8.8.8.8:53 m.facebook.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
N/A 127.0.0.1:50947 tcp
N/A 127.0.0.1:50965 tcp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr3---sn-q4flrne6.googlevideo.com udp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
US 173.194.191.232:443 rr3---sn-q4flrne6.googlevideo.com tcp
US 8.8.8.8:53 232.191.194.173.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.181:443 tcp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 e2c58.gcp.gvt2.com udp
US 35.206.11.92:443 e2c58.gcp.gvt2.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 92.11.206.35.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 e2c74.gcp.gvt2.com udp
N/A 224.0.0.251:5353 udp
FR 34.1.15.89:443 e2c74.gcp.gvt2.com tcp
US 8.8.8.8:53 89.15.1.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp

Files

memory/4468-0-0x0000022366D20000-0x0000022366D30000-memory.dmp

memory/4468-16-0x0000022367500000-0x0000022367510000-memory.dmp

memory/4468-35-0x00000223660F0000-0x00000223660F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 71c2283db901aa9fbc999d454592b041
SHA1 6201902cbf00469f053a58c95364238ee028d8e5
SHA256 78f20a8a1b555a9a34aa340977bd87e1b72a898adaedc780c26516f1e2d0cd65
SHA512 fe24f00887225d81a7d39bf73b803aa97d70c0fe10d28801c84db3ed92c9e306e64e47ca60f6f3f87c981d7ac3d0d210da42a664d72d6cc182256c960ff37003

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f6d38556e96bdb48719f20d3648283c0
SHA1 669b2a387561e11322bfb9a3824671860512ab40
SHA256 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609
SHA512 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ef48ea3cf734fa8e13020baf132c0f9a
SHA1 7873d9f6c00c3b12422e728d2d38be952266f485
SHA256 d31960e4d8e0ea88d740579303400da40bc9dbacf0849da665c2bba30f31a97b
SHA512 f0d2d14deb7e84dd2cc02f3a4d56978eadec1eafed889cca54ed2310a904bbc0401cb18b590bbadbfa1a7d3f9cbb5c80094df5e708d27f65bfbb0d745299b681

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1e9219c1d1a60a5382c2067c99ed25ea
SHA1 6b3fbb635e0d19f293f9cbd63ca6c03b72e0fac2
SHA256 0e0322b10cdc9e3b1d0edcbc48da368431bdeb42e2810b59580d6152439c26d2
SHA512 3bf1abc2ad247cbbac0cb56413fda7a9f03f5ec22c8d618479ef350738e9964795c994163b69c7078eabdf868b23548960193d0d95e021390e72ee94af313541

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 edecf9fba47693e844b74d46a6ba22de
SHA1 71d97686a260a47fadf5d96913562369b38ab41e
SHA256 a2504ba05edff84d11e50dadff5f4040fb681b71704321926dd86c7bbe0b41b6
SHA512 33821fe6dbd2efe2555e8d40a52e0fd6bd2d39cb91cab6589a9f2bb9f7515f8742e5d3078ca0b48e74b08875b3bd9c32b0f122bc9bb48ccb9c337dbd9616789b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a3ab29ca7a1f89c86dfba3d0bf2ca2b8
SHA1 57f6fe8e72f5f145ad5e22d41b403aa16a8bd4e6
SHA256 447e1da5d6309bd0c1a898859cc3764f1df7cb9ac48afa710b097d6ec67c0264
SHA512 dbfb484e74aee1b45911ab38373ecfc13210cc1acb24a5dcbfbe51b42dbdffee09934266e0c0303103b3c5f4d2ca42af0238a01a9d0d6116a0f80273ae1912a7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4S40CUWM.cookie

MD5 068eb2645c0c7e92e05e0c2bfab72efa
SHA1 9f63f99b9ea0c73130aa080cd5eeba419f395493
SHA256 58333ffd23f42aa5bdab04be816af415f46504c7713409386e7fb475b7a76077
SHA512 e14fbd76cefb051b4be2d03f3decb633fbb44d15fdaf0be146f9878c8ab8fd7bed4cabed6697e888e248d7f7712dc0b19825ed052ec682a9a9673f0002ce3eb2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A575Q0NN.cookie

MD5 6711bc69bbec99f1fd7703b9b32921b5
SHA1 8bd1e7d436db4987c6946ae30dd40159bdcdefc2
SHA256 07898a6119a1ab79ef74d3da1ffa7c51adc05917973d8229c2655a65f2031b94
SHA512 a53fc878787cfc30dc554129bf0c2acd88bd55a5ba103af2755eeeb35d8cb5320d10d59f6ebc5df843a4b67e44af1d6823cb1ce4fc7ecb5888dcb7bf34faf009

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BX8NBRDT.cookie

MD5 bafd76a195b07d00af4f077b130224d7
SHA1 fc61a6b31883cf626bfd4a61db072129a55b9d4e
SHA256 e6937cd18b336d0f5b35159907a3c242637428638822dfb49e5f533e35a2b15f
SHA512 5357e7296e12ce0ee5f51db2a734a261ec9c367f639cd8fb4e4f008fd0c15be0eb92e4e76f9a19ee65d0377c9992062682231ce16f70d04763e65b9145a7d022

memory/4400-155-0x000002D4461C0000-0x000002D4461E0000-memory.dmp

memory/4400-166-0x000002D445E40000-0x000002D445E60000-memory.dmp

memory/4372-211-0x000001DF3E020000-0x000001DF3E040000-memory.dmp

memory/4372-209-0x000001DF3DDD0000-0x000001DF3DDD2000-memory.dmp

memory/4372-213-0x000001DF3E070000-0x000001DF3E072000-memory.dmp

memory/4372-221-0x000001DF3E250000-0x000001DF3E252000-memory.dmp

memory/4372-226-0x000001DF3E2D0000-0x000001DF3E2D2000-memory.dmp

memory/4372-228-0x000001DF3ECE0000-0x000001DF3ECE2000-memory.dmp

memory/4372-237-0x000001DF3EFF0000-0x000001DF3EFF2000-memory.dmp

memory/4372-251-0x000001DF3F010000-0x000001DF3F012000-memory.dmp

memory/1620-254-0x0000024F2CDF0000-0x0000024F2CE10000-memory.dmp

memory/1620-263-0x0000024F2D360000-0x0000024F2D460000-memory.dmp

memory/4372-262-0x000001DF3F030000-0x000001DF3F032000-memory.dmp

memory/4372-272-0x000001DF3F050000-0x000001DF3F052000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d62a11f6ae81fe0bb45f5dde3c477e69
SHA1 a92463ff8f3a26db97e45a110aacf7e8620c006d
SHA256 3e2951c909ea9200a233d450c437b9e4b781005059aac60c1513a2d96f97977f
SHA512 f4ef8f6dad7957b0ecc32f46b10e05f554103867a1bc1fc133e83472e71b45f517e69feff1294310e3bfa30c61c6d0e95d733610629b2f81e0df1fbe844e7b99

memory/4372-330-0x000001DF40900000-0x000001DF40A00000-memory.dmp

memory/4372-340-0x000001DF3F900000-0x000001DF3FA00000-memory.dmp

memory/4372-370-0x000001DF42D80000-0x000001DF42DA0000-memory.dmp

memory/1620-348-0x000002502E100000-0x000002502E102000-memory.dmp

memory/4372-380-0x000001DF43240000-0x000001DF43260000-memory.dmp

memory/3416-386-0x000001C3B22E0000-0x000001C3B2300000-memory.dmp

memory/4372-384-0x000001DF43240000-0x000001DF43260000-memory.dmp

memory/1620-399-0x000002502E2C0000-0x000002502E2C2000-memory.dmp

memory/1620-415-0x000002502E2E0000-0x000002502E2E2000-memory.dmp

memory/4372-434-0x000001DF413C0000-0x000001DF414C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EILZJVZ9\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/1620-470-0x000002502E2F0000-0x000002502E2F2000-memory.dmp

memory/3416-486-0x000001C3B4000000-0x000001C3B4100000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5e42aa9c691621c03ab65fa223dd9ea5
SHA1 1152858d7e5b736692500d560a8f9d39b4d4a73d
SHA256 1ee9ed967c9b2fa994eb113f9dcd056007617cde6e91744a0e7db968128670d7
SHA512 d00e19572b08265310e5861f157d8a4a9049d308384c17e10d665546e542f68daacce5316f674e733382658fa7ec93d37a4ddc6a55fd5ddb92c8cc220635f9f9

memory/4468-574-0x000002236D7D0000-0x000002236D7D1000-memory.dmp

memory/4468-583-0x000002236D7E0000-0x000002236D7E1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TZATEZDU\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\tt1pipg\imagestore.dat

MD5 b49bd0687b2aab440f155a92f5d33045
SHA1 6b6d52f2352cfac682caa7dca2c159d06f3e69fe
SHA256 27a5165841b64323ff1bad2a9d4b8eb00399236d0ab307219aaa1cde0ac78521
SHA512 10bbfaa9833322b5de8b35a1416a7b3b6a9d2921669f99310de4dcc275f8cceb2a5c6751157662e3ea5a982057787dae282c515fbb902c668637234589fb9354

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TZATEZDU\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JDX9H1QR.cookie

MD5 b82a49e5faa6f6317267f2edaef58ae3
SHA1 7ebeaf19466d3febf598f4497c06899c47b7d129
SHA256 e43166e1c7f684b079fb35c4773bfb9964ce47ab8538a75201455803125407ac
SHA512 840d84514ce3f306bd2b95be14dbb9877f306f31922329037f5f6059c776506f0f6ebb65392856dc67505dd9223a4bcd8ff043e0f2757b9fcf9da29ea83348a1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 a761f0c6f3b1db7d759fff7f8d8b39e7
SHA1 70cb77147d9875159f6a018951997ac6097e96c4
SHA256 b2646921efbeaf40eb366f975e7bf88046b3b7be09a87d4e600c0de57cb7a200
SHA512 b5874e7e3ad9598f69b327dcdec33189b84a90ff963ad8bc36c85a701d2b333ad25fe1f0e0bfc7da1fefc65cd6018995ec8b3c7b9d6e668e0c5778c4e02445c3

memory/3416-651-0x000001C3B23E0000-0x000001C3B23E2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\V3A319NQ\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z1Z1E04H.cookie

MD5 e144f1ff033e31c386eae2bdc83f41f3
SHA1 485688cbf1af55cf3f29a1c3ce9f1181c877be8f
SHA256 acb4f0eaf98f741f1581d864814d5aad1bd666b45ef0bb0e2e1ac488aa1b4525
SHA512 35910b84f9b9472d134a26bf58162643580b8e42ad59f48e363a02fa21af8a977f2aa11db3a4e7e907c7d35fc6f2b61da1559fac233b1799b9615decee3c34d1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PORTF42G\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PORTF42G\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XYL1AJQ5\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XYL1AJQ5\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e768abe1b6ea3146ae643778518cdcfa
SHA1 6818db60ed74ed62549291b36fc0b973ee0361c8
SHA256 70ab97efddda3b27a69d7a5678167e690f2c470afe4e03521ed4f15045ff18be
SHA512 674dbd0626cb7190c0b13af1932bcff2c884ed53773cec4fc29eea7a499cf7df4960735d94e5d7da8cccb7b5ea80138599f2c74f03ad8babb80e1d972d2d3ed0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W4G6HPUY\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W4G6HPUY\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W4G6HPUY\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XYL1AJQ5\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PORTF42G\desktop_polymer[1].js

MD5 f5bd4210c8b975e4994b3d0ec83a3ebd
SHA1 944fa1f1bc57a8b1afe2ac374b2a7dd5982e31f9
SHA256 35cb07492e001719daf4c1f395f414a8c1b49d4bf6642eeeb983512ddc58cffe
SHA512 d877f5f241e7c31297895633b8188922bc66721a436d3c87c6b8e4cee87468eea15c857714dbf862cdb16e7aa3caec2886b9dbedd600766ba74866df3b45de0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PORTF42G\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bfa7b255b0420333257f9146630ad85a
SHA1 02e3cca69dff8261480dfa02bdc4e844c8179595
SHA256 6ec7cfb93c34a5dafb4a820278b90ff90cdbcdcbd386de524417bdafd12400c3
SHA512 efa7dfc731bb9b7f59177f0aacffc4eaa44cef2bd179667ee546a3844eb86915edef6c1c96861f3843e23e144c1f4cfe529bb5bb633b9f12848c5d494ae4f798

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 0ec8b525ab99edd4dc3d624802636711
SHA1 fdbd9bbf4067a547e9dcbdba11c379f6bc273224
SHA256 4dccc5902502f636e9aa735ced7478d9c5565f6ba9c073a3d941828fdf4162ef
SHA512 62e2159cfdd6c1a87626823597229d45880d7c7194b3b39af0019db627764ce7e82f11f729edc7491e9c9ff781571d8e156ff291a60d6dc83d086043e1bb7f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\KFOlCnqEu92Fr1MmEU9vBg[1].woff2

MD5 08c655068d5dd3674b4f2eaacb470c03
SHA1 9430880adc2841ca12c163de1c1b3bf9f18c4375
SHA256 4fc8591cc545b7b4f70d80b085bf6577fad41d5d30ddd4f0d0c8ab792084c35e
SHA512 b2fce4bc018fa18de66095cc33d95455a4d544e93d512b02bcb8af06aadb550cd0f4aecbceaa013857196c91b6e3c4565a199835cfb37c682cb7bddb69420198

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XYL1AJQ5\KFOmCnqEu92Fr1Me4A[1].woff2

MD5 ee26c64c3b9b936cc1636071584d1181
SHA1 8efbc8a10d568444120cc0adf001b2d74c3a2910
SHA256 d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368
SHA512 981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XEULW7VA\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

MD5 8a62a215526d45866385d53ed7509ae8
SHA1 5f22bfd8ff7dab62ac11b76dee4ef04b419d59b5
SHA256 34ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d
SHA512 845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f

\??\pipe\crashpad_6076_PHKBSCCYHHXAXKYT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6e59048570455a193dfa4d07f836abfa
SHA1 87c78571eec6eb8e19c19769760778ada39b748c
SHA256 300b07a54eb8eb3b4426c6f540567d0681c8af423db212f1e02fbd0b83e350ed
SHA512 501ccfa53a1f153e258a931a546b25c86e52a78760585f72eadfff0bb62ca67ebea3b104d20382077cac6d8e965832cea94cf4c7921cd778dc13c3f843ad9d6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

MD5 965c29adf97fa8149dff04d77c42b592
SHA1 bf5e91a26fea5348ff2db1c57cdc1db83c5e9779
SHA256 0670cc4200d525497190ec4eacc9c3e4704ed3625d7a19f2dc16141d508f1f15
SHA512 365ae0eeb86c97799ee2714f9ef6d37723cb2bd67c497270ec1f3ae60578a1230f79531804eb380f914de3321bb695e71529302d4d698755cb76ecd30ff5832e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e824add29be0f790a51d758ae4a6cf2
SHA1 0919ada471f8fe8ec28333bbca7f049b6bc78c80
SHA256 54059afb5030e7dcfb41f7838544e162af9291c8b4b58d77732375ecfdacfde9
SHA512 26eb90f056af5d3870c8a905bf1c2b5ca84948f9736670ceb2319ac42e8f4203ee8722ba3128fc6575137937349729e71db9ccc33d925e1a7b075dc796477782

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\f6fc9da4-916b-4873-9441-493f44a08b78

MD5 47c0326de3c88d296f7c943dc15dbf25
SHA1 5f4ab559d7d34832eee49a807c42181d6ed232e3
SHA256 feaa0255ed7c0df7e11c14fbad311f1c4cadc6f71a4a545a71ebdfb01d700bbc
SHA512 f0e540b7c90e1cd0980c26630629ca492e55de4ebdde8d5136c8d532efd24adcc0c8b4709a945e14ea45a1ff9315098ac4a55cad3aaecd2acfb16f514693a092

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\58fe9ac3-2f65-4001-91a7-586ff481d937

MD5 24327a3790ab96a148a5488e4d26a144
SHA1 cca21befed36b3aba514edc3b5c57a0467825395
SHA256 40171265d1b94a2ad00f22c6681b2e400661c1d3575e72fa7e2205ae5b93c962
SHA512 363820a72dcfa1c8773d9ae781c76a29131e5caefc179ac0a1ff662d1bd3e73d21eccfb552231e23b84f67d95546fea8b664258a3eb50db6eeb3eb3a81b2f5c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 ee67d64f38ef4ac736783760037c025b
SHA1 027f7229a8b4507043f938e09fa7975960cc9c11
SHA256 f13bdb21306eef0e9b8b510390546b6dceea9f8ff005b9f1ea0756a88da8a01b
SHA512 17119d92a60aac65dec699bae309389a113e382c4a08459d42ecf1a482e5779ba611b59f5a3e5553a41a57dd333f36b3ad1da4ccba3714452b929214cdc95fa2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 f3583ddaa47ddfd9a13b7a1f068d57e5
SHA1 85152defbf7098ca63180893601c9e0e095da6c0
SHA256 d840bf4ff381cc683f3263e7ec28f0ca5708d76ab4bd66750c0205ead1ec91c9
SHA512 229ea0bae31497e74ebe24c54d5d66625e53a7f6a56cbf46a060e49566a7097f22c8540312b24bce1c99b16d118bf772fe90c24c8b45271d779151d7736875b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 81ce148c8f39402740775c9b2a11fd01
SHA1 7db05d4ffc3c90a6c3cdf85876bbb7e47275430e
SHA256 9162f15d49bcc6c2d8b2b2e36652ab9d7bff481d6b9ffda7c5b82382c77b8830
SHA512 d412d32acab4dc7b1837fc491c31d5addb947763162db67b1042ff973eb625e1e7a1d01b597fa6eb3285b4f64d37821bc8a0acd35c4e1ef9ccccb84aed135697

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 f979afb5dec5bde30a3188706a6b52f0
SHA1 f845f72a26c5a7ce1d876dc8f28186efb7f016ed
SHA256 d0771e661154a855625cd941a9b766b2aa41523c39a16bc96a4647625aae1399
SHA512 a033b3fef67316cea49341d029a810fbc9b247e0bc2bc8845b195ade5b1b4aec4c7d7ca3ea1f5602645a755f649aac2805943ab6f836ce7f25acf11b43603c03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 07db04401b056182f95857d5664d0637
SHA1 ba4781f578e27f02e6f016b665eb81017447068e
SHA256 7e578f032ee64887564600bb000f48c6fc3d754619d164b01a92dc3a7fe0d077
SHA512 0765b5218fc4a73caf939e9e185a1d0f90d7db6cc13d667cf95e5aaf9d1f1bdb16659388341e42e982ba28a61d72c534185139fe53aba60f9ff26deaee9ba2fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d3709c5ff0ecb721d491d2ae15cdac81
SHA1 afe946a9da3648f4deddf85d655741166dfdd43b
SHA256 f2c2a22f1889c328f3acd14a4bec18f4d930316c849b3ffebf232f0fe28a6609
SHA512 692fc3c0142f867504fb879db0cf3b4510963d8e1a509dc7157c0a71403da3aeedbadf6fb633adbace2df4fd39b8c5693b50adfdfc554c28edc09998e8989a19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 fc1bae0453016dd22fb4ebcb1c37f8ec
SHA1 46531d44cc9ef697d5ff84954d0e8e5a9dc75448
SHA256 79c3e84f531437984b558b4fa3575df922c8f88184e2b689776d204d4d3cea24
SHA512 3543cc126a5d186a41b7aa81642045f1946e555992b7c4adc2aea9e92f149cf1caff22489d7c7239ee1a0c93d3276d26e6ebc364e24b16e528090eab61ab4058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 af29adc1fffab2f8ec4755f1bba0168c
SHA1 54da0bd2e980174295b6a85f78f289f82341cede
SHA256 7ed17d866538fb1f0210454c582c6467fd931fae683a031817e43ab5586bc268
SHA512 47be6243f6dfae3de196958434b939c572a4a0d3f3bd4cc4514af69e881694e889610f8cf88d52f60a411357e820066770990fbeec42a7c9dc70dfb930da75dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a9d8fb3ceadea069e364b995bf33f05
SHA1 095545316f169f359532b0bae3cde1c12b75faed
SHA256 4a08755784ce660070e590858f729d6d425db6b16842f6e193156be03e8c0705
SHA512 fc3f397e7c8478e6c3cc76a79f75dc0b614fcc97a42fe16f42227ec528e139b72accb37d40533385d95bb773f8fe6f9ebae3c8624fb71dd1e46db8f95fd713b4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0616190b993768c673642a1072d9a132
SHA1 785c15452cbf2ce09fe1c80d244adb3b0a60c329
SHA256 baa2e1625ddce4f2754bef4ea9c81e37c169b4b970ddbd4451aea05135ba6fbb
SHA512 7e77397f1581efe9047bf779738b039c3d27943e799d930221b4a14ed942d4a94d132e9549466daaf9bf7a3e4dc9e762222635ee90b3a96668ca1164479f314a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\idb\976195807yCt7-%iCt7-%ree7s5pfo.sqlite

MD5 0a3c6215e0058bf18cfd680215dccf1c
SHA1 8e96cb0aff3649418f77c3bce7c68a28cf5b9b79
SHA256 59475dd405d42fa0f75dcad05b7b3d0e100a0669c8ce2ac1c0337c225bc25ad1
SHA512 ad2a2b7a5a408733d99f7952427ca314bfc7cd2b66653e0fc63fa6f4e3bc186bf919b7068d43aa2b88626a0dc74ac4a24f94b34225f53b663f514d8560ee6bd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir6076_1315421683\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\41\{f20fcfac-c547-4fe0-9bc0-66b0e2b66029}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 661d947fe66fb2d4d7433e41bb21836d
SHA1 411877927b85c3af77f073f611ea03163b1cd207
SHA256 641dfc2a0e470ce3e87c7a2a7b2862283ba7bd330a57a87f91c73ddf2f2c5251
SHA512 fa0ffe377d3fb3c010ec477839ae5e7a1eaabcde61f5b852d49a6ec718d0aaab7931963fff7064a8d71f229dd874837229a4656eea917244f6d94c9ec2122162

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 970dcc07365ad505c67207340e833e90
SHA1 ecbdceb1787a4b0d3e121384b339385da04e4237
SHA256 9119c7504972ad7fef17a6effd8a2f6e8d5a4f854c8179c6746636bbcf22e7b5
SHA512 0e2f5f5cc04c6ed6b4c32f7665d6cbe6be9b2b5a7a0fc3a3224b8bb1e97d96e5c7a7ee7b78f3f3c1c63b1e29527ae6fec337e4b26caec7e8ee4ad50d3faa54a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 952f7f8dfbe96726a9c18bad73537226
SHA1 57c9e06562f5eae059eea6f20bf3c660cf7af8e0
SHA256 7f81bde36a263f1fd08b399f277a0b41abf729d0cc50d1111425bf186fc7613d
SHA512 c21fd17a4cc95bf16527fc546b7de10962f2814d4d0a457579563b5bfb5058ade4bb2a4b9b4e169fd0009b4b4a0ad7fe3dfc5bcc8deda107c37ccca3704aa2c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5816b0.TMP

MD5 0e6ad24f97a5ef9509fb4c75e2ba7752
SHA1 dc7d79eeb393ed57b9f5e3549af96f4b5360ce2d
SHA256 3714bb1e2eefae1a15db7345df1b462f531750bc4e7a5583c8d4b3c4608c1291
SHA512 69d356871b143a7baa34131e05444b0575f6b2243bda3ce783dd4a9c43e0e256a7703f08ccbc94062cfa4d60c73e0bd6236e3a7e724fc0adf71f88756183a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0a14ab3ae4966c1e51962d24a977de3f
SHA1 6b7799abcf09991d254136c172b47a61b6948acf
SHA256 4ba3ddd638b1d24f433634707b06e191c5e69630b4747eb2b826ab1def45801d
SHA512 f976a49db0f756c5637b56c34e14c55b2706dcf473996415865d485608225fd0fe16cab2a3cada2a0258894832c18c33347249a507f434b25ee49983f880fcc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b2ec55a02522c309fe19888f6ed0ca48
SHA1 2c448e6da73c3afba37beabf8e17cfebd6374688
SHA256 864b51607486ecdeb53098772a89da36936158dc6c5b0b83cabd93daab204f10
SHA512 12ebf6989340b209035c93076badf644867660ca75106eca5eb9a4ea4d908cf20ba8f32103b3182b1f4a2047c76aa79eabd636c58052f1b83a5be2eccc2130f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\139\{af4e575e-9dac-41b1-9e3b-e605b41b868b}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{d8b65d4f-73ba-4c93-8f65-c5fae0caa8e6}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{2116ee75-96b3-4465-abc1-1c49b2075d32}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 daee70342d584f316bfc8966f229e61f
SHA1 69f33114ff87a25474313ac1efb52604076c4e14
SHA256 e89a078ad24754347b07593dc774c4ff83e8dab20f7e77a1bc11060ef10b1bdc
SHA512 5a83d48c7ed309f360ea515d84e0859263aecd6d8bea3c4eb2ed9ab98c59c4234399fa06b29a96fa9dfb8346dca735554f58838a58f16bfbeaf9e5777b469714

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 77f58eaa97cda84993473982ab03fa22
SHA1 e50960141faece988efa2e7c7c669c37727b2a0b
SHA256 3fca18a6fb7e098c100a87525799894873e56a97646cd0d144a43738a3b3203d
SHA512 e854b74f3286e750fc8ee9d782fc3ff5268fa4329f8727568bb60dc96a00dce8c4190603245e7a6209a9d09e16f2af27cd62e55aba7fc704b8dec1333045b97d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\218\{e63477d1-6d90-4b0f-953f-14c911da3cda}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\27\{6f63470b-2ad6-47c6-bd0b-1a0f9220411b}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\221\{bf6d8ba2-cdef-4afe-aee1-c3783678d3dd}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\187\{256f7c7d-faa4-43fb-a2f9-b29a490bfabb}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\0\{9304018f-c953-420f-9576-bfc4d2b06300}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{142018f4-b298-40ab-aed8-cee14ec6e806}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ef298af88f0194c3dd0635eaf10a060
SHA1 b27ff92a6df6c737a32a164ce510df37ed3cee23
SHA256 1e072eefe13435319d2485c466531ce7b78a838b9144991b32edb63828747026
SHA512 a789f0f136f329e89ee5d864f11eb0797f7219a8ce72b07465b16f3f94fc563cb4a418ba36137cfe70928a1d23188188d9a279d6397275c0183c6b029c4df18a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58654d.TMP

MD5 2d13431978ef2aac40e51c25bf86fb02
SHA1 ef16172d7212c129b32874c3c9345bf17abe33a8
SHA256 554f4f996ee88c8d471cce5af00cbb5ddbd729141371c2026799fc0b209c45b3
SHA512 ff1543d077e818f62c0663ea286e6c6b20dbd4924e0fcfd982783b539cf0c49ea276522a2a386d3d6b5787db772d59990501ab0751db8a32ecee7c720d7e0537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e7d1b55f23c5aae4696ff78b29944c1d
SHA1 00aee5ab197b71f23a664af3ff44a04f913751c6
SHA256 4b53b75c19ef0072312a38b1bc424df95155d270e01259590a8b9d9bb0be6be0
SHA512 72545adb044d99e5a1391a05b998658c8b5a64e2946443e152a088e9ca1e38e6da7290411aa1ea0945ae414d0fb2e7e7a681695154dd196255e9b1ce2e9434d9

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y6VOD6HE\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 4c5fec978788184d54f1a13d04a486a8
SHA1 0cece58e3c0dd1738939b2d5adaef6cdaec2c51b
SHA256 929e2b6d191d8c025a8f420f3d13828ca0de6065a873f3e904c7eee8c8ac1690
SHA512 e5cb2d2525c15aefb80af168afb0d1913f43036366fbc5d15e04e4f766a8509a6b91baab7423352b7fcafda3a248da53e81bba187de8019a68d7bdd3d5c8578b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 cd762aeeda4e0f76df84350c3534e9fd
SHA1 65aee698b628bd10aefa46bf04e332511ba32ace
SHA256 6708a17bcd29e3b8c590a1c7aec35dc28b643de8c84980a66a038874f7b9c9de
SHA512 d22a64f553c78aa9ac8ab713c61c40f155eae79ab16dbc4f760013cf4aa588a27084a05e04996e46eefe8dad649e0acbc17d55c923d0140c712770e61b55865f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 b74891e84f7cb3c6c0dcf1cfa5110e32
SHA1 d6c296166c794560b7d3e41f2790380b46393742
SHA256 7bb56b4a849fd385171124a91d8f60c259c6f05b4d2991e2f6156657357bf169
SHA512 8a6d39315e26c3b070b35a9d3651e26e65087a9c3ae7541087abbe9d683a700b130605e2a8d0b39d42daedae13ecbe35132e9d9573e1f366b20bc91692bdd2e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c6ed10c35e787b159df5e1b616f0b92d
SHA1 8e5e80eb7272d1b3fbdf4f89c51fa7283c9dbb6c
SHA256 9e427038f31a986a589ce35a150ecef4c64bfbd00beaf3a5709fd361d96c1d92
SHA512 a843ca1f4a03e374664be6ddcbe9fcf32c9d29964d655df2eb74223f0a8577cb658d3ce73ac5b3d130198f5a2d47d1a5cd7b3583eae8f59258c46a63d08e5c57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 adb3b345e97dc77747821090a6870cc1
SHA1 74276ae0acf4e966e28fc6c15b03fb18e12a78ed
SHA256 92b40716364c3f37679998db3ab747fcc02308e0d8ca200a80496526bc4ae608
SHA512 63404997017b382984765031b4c9e5e9d2e5ce89cf180968377a1ddad913c6cfcf344859e8e00a377fbdfb9af68c42ea0f22fba50a19c37b490340ce6d3169a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a0ca2ee82dca5d5d7da8e15696655e89
SHA1 6c09417b2d525c763673dd5af5c5a7da8aa1d114
SHA256 13cf0ce3b0f82f57bf4bc8de5ec991644b32b3d5ec4f5e311d40cec57dfe749b
SHA512 6af3f91b62c7bda3f1df08f0ec217d4bda6b6fc1d66bd8bd047b46e328992630439687a0ae6579bf7183edcfd161152e72d2a6a2df5d1f9b3060c6011a6d07e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 afbcd35bf0b9cbce01e29b01de3eb2d3
SHA1 2d2983e1b69251e783de52c91138ad4b4e14f803
SHA256 cb9fe8e3828f84e29f28596401ae6a5c52913f8059f497ef136cf0e43e6c1237
SHA512 365e3e94763fc53946e034884490280d093d756565741a0449f3f3aa8c12aed879f079242cb74b37ca5fa6c56d657d8b07d2a2d823255a0bb845c545e0c02fc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6320ab3aa048fe3d37063dff50ba0458
SHA1 ec598cbd8928b07581470b275ca76832cc201640
SHA256 fcbb80d1670ee19636f4c57d590db4c0fa8fd1d9b9bcc0192d74083afb1202a4
SHA512 b6686259c13d6d72a1461b0b8d92f339a5114de968baf5423e128e13297b6fd8bc7caef088bb6c56c8b415959ba05deb6c1224c77ddda8c1e7ac551a6759213f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ae5ec8bd271d05a6f19c2f98be8b990e
SHA1 83644c48bbb815ff99796e46b0da6d2d95b3f1ff
SHA256 db2822eb7ef10c5ace976bca686a30be1b6395e89ffd18b2b7a6a4c1fcf6ab1a
SHA512 ecfe1e5b9b8d890ef9c10f43e9c02b3afaac2d2193400fbd03b4e8f02448b5cabd80b9f4a0dfd125471bb6b94498842046e96736d6b06f9bac0cc7f49b980d1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f91fa49deed0ca5aa8855e0f1670a6a6
SHA1 1dde3a6c19488ae2ed22b248fc3c545b4edf12af
SHA256 7f10feea55bb068bb0b28b625bb4096daa162abdf5d529b578daa73bd60fe444
SHA512 9d17195dc052e4c56cf8be70aa855262968649f5d260179ea36601c9980c8c84c492e91001087966a2fbef0c940ab9c17652e5e73a77315caec8d715fb00c27b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0eb58d5f27528c9f1a0eedd31fc1e5cd
SHA1 fc4603595c139c71ab9ed00164a48e8a3dcecf09
SHA256 45525d14abe8f1e2564c9a5f438e1bb412edfa1c2762a565f414eb08dad05969
SHA512 82fe5a0cef675ce3dbf63886651794ee4c834961c112e03336749801b746ffd7b34b83f6437cadbb2dabf9e7f2ce914dad26b11e5425ead82f23ba5750be9018

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 310718e0d5d125dc87d840ad861cb382
SHA1 01227ed0ee0fb7e17e22ed9108c25e517f4044cc
SHA256 994d3809841495f44c679f6f66c42495393c6347172b820af3ef8653129609c0
SHA512 c4165abac05265c7cb822505c732d484222d48bafc24e0cc199e9b28ac2efca796813e43543431336960e4b9aa847849c1b2d227cceab846f5ade8140767557e