Malware Analysis Report

2024-11-16 15:54

Sample ID 240212-fsf4fach8w
Target e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0
SHA256 e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0

Threat Level: Known bad

The file e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:07

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:07

Reported

2024-02-12 05:13

Platform

win7-20231215-en

Max time kernel

57s

Max time network

284s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04ff29a715dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000006a14ce9c767f1685b3a5b34891923d27101c1c4a7ff39fd1bace5a2a6edf92b6000000000e8000000002000020000000763aefc7367bf55eb4fc27196fd8e5c7cd0a79ac89702d3e0877c4810ffe887d9000000098648b7620c25281ea87efcd73c6a99c79851cbc01cbceef7446476b85975c2a4ddbd723c28b12dd62f2ca74cef995856636791dcdaef818b38955bed78bb7286211946865e0e3784b57b0ca678d2618d8bb2bdc1144457fd5092e87539bfd0f1491e4b21c7830750996e2fdcdc323ada1e7561f91c0c970876e061c5eac656d3f59c0ac940c039c3659bd87ae7f11df400000001c2c41831e1bc5233adfc3fcb978f8664ac82e77c23cf0d879afd83c98675a1ed57ccedee8f27c498d282dd3b515ce258200a6874d7c1fd236496eafcdb78612 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C509B3A1-C964-11EE-BE60-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5077951-C964-11EE-BE60-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000003c568c063cb51f98c24218e9483dd18c0af73e21124f428940eb40893f4b6ec9000000000e8000000002000020000000d08df2dd6d3de00c8c1abfd73c942038dab70e4dd0d523edf5dc95f783729663200000004f4da447f797bdda53c47fbff1c0c172c45229480d67394a1240aa0a6acdae3b400000007d49a390e17bf24a1b7803570a2b3c2bcb80c01a48468d862619891d99671fb3ef2cf7ab93636a241c4c4bb6614e9cffa592272b0188ad88a29277011def7ff9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2548 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2548 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2736 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2736 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2736 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2736 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1932 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1932 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1932 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1932 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2548 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2476 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2476 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2476 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1740 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1740 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1740 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2548 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2548 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2548 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2548 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe

"C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.0.1206411585\1292472157" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e6eadf-27c2-4e92-931f-3562b4efa080} 436 "\\.\pipe\gecko-crash-server-pipe.436" 1320 46dcd58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.1.857818539\764076977" -parentBuildID 20221007134813 -prefsHandle 1560 -prefMapHandle 1556 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de0b1d68-4510-45ef-aab3-5ef653c3a815} 436 "\\.\pipe\gecko-crash-server-pipe.436" 1572 e6f558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1256,i,1852868670525715151,1292154505582221327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1292,i,525948993723303074,14295070434208454340,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1256,i,1852868670525715151,1292154505582221327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1292,i,525948993723303074,14295070434208454340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2700 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.2.1934112661\1119602178" -childID 1 -isForBrowser -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fa0b27e-8f55-4a36-a8d1-274d752112c2} 436 "\\.\pipe\gecko-crash-server-pipe.436" 2356 18bd4f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3524 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3184 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.3.2137577195\1449192504" -childID 2 -isForBrowser -prefsHandle 2828 -prefMapHandle 2824 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec78ae24-13ba-4748-b4d3-7835c79d56de} 436 "\\.\pipe\gecko-crash-server-pipe.436" 2836 1d33dc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1104 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.4.848813417\1464956228" -childID 3 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a5a0c1-f22f-4886-b827-f62cab45cca8} 436 "\\.\pipe\gecko-crash-server-pipe.436" 3840 1f6f0858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.5.197841766\1562382173" -childID 4 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e31bef1-6e4d-4db8-b5f5-5b769f3f394b} 436 "\\.\pipe\gecko-crash-server-pipe.436" 3860 201adc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.6.254016398\1631457747" -childID 5 -isForBrowser -prefsHandle 4180 -prefMapHandle 4120 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f217e7c-2159-4e8a-81db-49af0f152896} 436 "\\.\pipe\gecko-crash-server-pipe.436" 4168 214a7458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.7.1252083506\1212968322" -childID 6 -isForBrowser -prefsHandle 4276 -prefMapHandle 3736 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {621de1a6-0538-49cc-a1a9-3e48aba754b6} 436 "\\.\pipe\gecko-crash-server-pipe.436" 4388 1c037b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.8.2082119321\1881237068" -childID 7 -isForBrowser -prefsHandle 4440 -prefMapHandle 4432 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83b7b24b-a5c3-4f34-95a5-5200a759a254} 436 "\\.\pipe\gecko-crash-server-pipe.436" 4464 1c0c2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.9.529397067\1650133352" -childID 8 -isForBrowser -prefsHandle 4552 -prefMapHandle 4724 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b35fcc-3bb9-422c-87f7-efa1be3565ed} 436 "\\.\pipe\gecko-crash-server-pipe.436" 4624 1c0c2e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4124 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.10.422114616\70856577" -parentBuildID 20221007134813 -prefsHandle 2808 -prefMapHandle 4920 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d3facb-b71b-4e0b-9a51-c4ed8a5f0e8c} 436 "\\.\pipe\gecko-crash-server-pipe.436" 3320 22188258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.11.1920236993\742081409" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4776 -prefMapHandle 2808 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ec4721-e8cd-4b31-a205-cc3e11a36fb2} 436 "\\.\pipe\gecko-crash-server-pipe.436" 4764 1f6f2058 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="436.12.929828869\932101853" -childID 9 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b02b367-e5df-45fb-9d21-5b3879e67b6f} 436 "\\.\pipe\gecko-crash-server-pipe.436" 5220 224da858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1464,i,8378041093540096849,12805093890217565432,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 142.250.200.14:443 www.youtube.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
N/A 127.0.0.1:50191 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 rr2---sn-ntq7yney.googlevideo.com udp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
GB 142.250.178.4:443 www.google.com tcp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
AU 74.125.109.167:443 rr2---sn-ntq7yney.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
N/A 127.0.0.1:50298 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.178.4:443 www.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 216.58.196.195:443 beacons2.gvt2.com tcp
IN 216.58.196.195:443 beacons2.gvt2.com tcp
IN 216.58.196.195:443 beacons2.gvt2.com tcp
IN 216.58.196.195:443 beacons2.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp

Files

memory/2548-0-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5075241-C964-11EE-BE60-EAAD54D9E991}.dat

MD5 999926b46b417cfb3cc482bf9c2bcf5f
SHA1 3e8a856f24706b7b7623a5663513dca5c8831bf2
SHA256 33253abd599ecaed6b31af008e050f39dbd6a525305858a449ff955b44062efe
SHA512 4b5f54859802884f80fd353b3cdb5f45c1b12597257df0f4ce38c52fa32c688bdc3716b22ff8534db300a2e358abebecb0c6cad1af3132fe1f196090187e746e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5002E21-C964-11EE-BE60-EAAD54D9E991}.dat

MD5 e46ab6d5154d56ee01c6fc6c694e1c2f
SHA1 0de15da4012e2773a3336fc61f99f6cb7553414c
SHA256 a73657a1a28a4e2f153395fee076134ba444c50734f3f57768d03e375c86226b
SHA512 fa0be874b6aa4e7561e55147127d4107ed949a63361185081d88ee6889c287150f1a29334c33adb2ce9526961560af80bdbddb3bd71533a0105d0861df140f31

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5075241-C964-11EE-BE60-EAAD54D9E991}.dat

MD5 4fa315c90ececdbe1bab44f978a851f8
SHA1 f24456dc443dd615b95df50c9a342afadcd6efb9
SHA256 2fe364adf4d14255347a7d6acf4ab2e5c84dc207862dfbaacdffe960728d1866
SHA512 05bb881d46c8b7d7592b5ae5507c012bf4c82438e7d684a3499e6ea2ca37a2f9ef6c2690ade2b76103c24682ed76e367c7334498bdcb3aa03a5bb8ac18be6cd3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5002E21-C964-11EE-BE60-EAAD54D9E991}.dat

MD5 7040a9752115b435201e4da5c5b5ffb0
SHA1 a77b6c99d0d6c767b293ec533585c813a622e94e
SHA256 66b68ad1e4681daf27a730ed6a93f8f4a5fa031157ffbdf062a9372001c852b2
SHA512 2bafe42468f4112785f7796f2c6ba34d4b6266cdcb921aa684063db8c6f582aee3c96d36825c6f933a97c25b9321b328764e67570750ee5f70d7aca8739115af

C:\Users\Admin\AppData\Local\Temp\Cab39E7.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f8083283c0ff6d6b158fcb1a668ce49
SHA1 906cdeb91bd50dbefd0478a696522961aea89a70
SHA256 8900cf647bf6e195b429da3dd181e8d34aa0d333fc4c645118ab496490eebc80
SHA512 cd241e0e6d02a144c5efdefd226312ab697015f8e9a53d4683fb5cf22ebbf771ab52c7e600d248a7e1639bd6ed05c4f423770d67dd4364c3c48a0af1a8595ebd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6ffa2e48e57431a790f19bf984ecc8fe
SHA1 bcd2f524e21209922ecaae0633da7b456036677c
SHA256 fca22a13360e8c8e35a97836b115637fdbf52eb4c3aca7edfacb4cea3259accd
SHA512 04698724efafe7ec37249a17381219f9d05e61763e048e63d06e0d42bdd969871d04500180f16ddcca60decbdc030f1ac233e11171ca529974d7bb00a25c2d42

C:\Users\Admin\AppData\Local\Temp\Tar3A91.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 71ae54e638d90bb900e726c50e673536
SHA1 dd3f0ddc106036845e378f916bffa0837935bd1b
SHA256 469625e4977eeb3bafa8cd4ab692670bd35ea4236b7592941772b3adc915c425
SHA512 12f736e40f2139e85783ac9f2af5f506286217f3605e15a17fc89eb03517aa333f5ba1e799b0dacb31b0a3538815d5a747173f13e684d2446881fe2eabb0bff2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 073e729d419e4aba660e001972c42668
SHA1 ba9984f0faf8404acc29e05ad8f1a3ff46bb720a
SHA256 e0d058ecccb0c971e861d625e555aa918cfd8f09b57f9a88fe94fc99d824dd5e
SHA512 f343f7d91254c989003d908b6c75dd7ad06ce358c46040cb99d515172e2dd44767b2386f775ef9132fd016d532a7f63965271e5e0c1f9a4bc18777ae0d5087a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 670b5baf2b190964f53532fb4e4219ea
SHA1 0d8c8a85b635474781cc31cc4b846c41255fec34
SHA256 cdd4d0dd003dc8925c3ede965cd9974dccf1b0a780fa30f0b35a5a93c69cee7e
SHA512 e8ddf7cfdc788de7ef84d1dd6b35aefceae56430de6319f460a8f5a4f8722d526c4a83773de864522882eb6047350ffd01647c4881f7bf51b2fe348a880c0c73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3adacb6c9b7b79569318cd648afe4507
SHA1 39fdfc3b29cb8f189523ec3f0eebc842751f78d0
SHA256 0ec446514c9c7249ff36248ab5c2d9b539e9b77f6b0f92637fb5a816bf32a0c7
SHA512 23266d58503900244ff81fa4ff5324f2730a2511f71d611c14d6ba383f39f66878cddd7c21f635b793e5a761e5f9e82806b55463505e064267dd076b0f4ac82a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b08753dd528f9a57e9ee4d9833ee5014
SHA1 ed55b2ef41bef9662643b03b5ec271379c5336cb
SHA256 8fab4bef85529a99a867366f21e924cd208afd8cccde1c510fb15bf503e0e075
SHA512 4c1af29a5b2b1b6a9ee85c63a7eab041e35d87c153771c1ee15f4e7274497f7d222e44d57db6dabd146cfad4c9b68d50d30ae4feaee5490e2878133aa5f9d615

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6008dbecc5c9372f4eeecf0b3db0d859
SHA1 baadf79d62b9738efbc62fd109b1a5a690844c9b
SHA256 64f1e7777859a2809aac1a496ec8381c08939206f20f638377d9f243e5e5c769
SHA512 df4f1663c5932fe68539e6a67fe1d1287d02f43ea311532b951e90ea8945db5c99dfc16fd7fb417ee24411b6f83e4012e4935cd5cd56e704fac1d7ddee956036

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20dc022ca48afad84d360f8cc18fcd05
SHA1 3f2af1f10cde0dca21e7fd293bb759237bebb4d9
SHA256 46b9f4ffa71a873086e0e5f49025f777e5dc045d3b6c19109a9d27b1b553cf23
SHA512 5b49ada5258a7f0b06c5d61ccf15d20c2d8207a633eea3b8966bcfb20ccb37290ede088d965fed493ca8a3997441e34f843d8d302ae786c57a9e06877b7006d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ae86984c19c83cd82dabb7b8fbf1aa2f
SHA1 81c3c0f2cf111060976a152e577d010feebe316f
SHA256 33957d8a8f4f4b2d2cb26070084c71c73bef23549574642dbdcf9d2d7edb92ae
SHA512 f6e085fa559162540deff5a9d5376297c4cc0450ca5d847a9dc7303b011d89c1488822151b6a3191210cf99bf084c02b1583c48808f463bf8cced648244a93b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 81635efdf80d4570dbfc22bd445ae5e3
SHA1 e68f8447a1b6e561cc8ee7a8e57f71170efb0500
SHA256 de067f3091fff032d1075117620ffb34b75a992989531c806417f74ee90ffae6
SHA512 1c82de1bc02ec25feb83cae693cd861ee558e6e2dce353f628f370b0f2335d0c22e41854aee42205698875c3e718fcc58cdb9ba7f64c0c6cb2c963706ef84226

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 30f803115b3f317c1343e2abfaa23e27
SHA1 b36438b9451b51f0601990ef4cec1d7354deb7a2
SHA256 9da5159f3c34c5b44463052a43c2e81381c7acac1d7ae91bd914b3939e62d10a
SHA512 b3773c0c52e94c9a18d10fc8ef98df57011bed13994de6f669c8b596bb02383b1525a06e6c3275b111055abbdf96706aceb7b77aff0e7e9264a2b0b4af9e2e34

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 347fab65b7d16167b11e0804f5405407
SHA1 122efbbf11f6eab435613745398894767736dc5e
SHA256 74df8c932fe2a5503abc6f6efd4a3348328dd80b2fe98e55ab07e99eed3be666
SHA512 5e9f89c9101418728620421680b6cc74b9ca134a3a27af776264abf2152ba3a059514fedc926e84502514dbc76fe80a1b849002feedc4fe8efc9fdf639294907

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\A5XKN44T\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZP45L1YX.txt

MD5 4ed2638f580a8edb52db0f7982cda1b3
SHA1 ab9fa6a6795895d697b1a35e346459a7e751ffd0
SHA256 bca3ba8480435670638190d08132b588e315c6722983dd643d84f627fdd29311
SHA512 cc68899187f9f299c8a29057bf3f101d2f85264e8df64c5a54bb7ae05aa8848136af46eab1f4f0c93e3eaaa3d27061ef2d91f18d4ed2f25db9cedf866635b7bb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 1cd8aa8f4d31d13f0d88528177fd6ba2
SHA1 9e5fc8fe96f2d71824f85ca446b311c7331044ac
SHA256 ee5969009270181d1a5ebbedb621b40a6eccf4d8664e154d15ef4765716940fe
SHA512 d996b5af7dd58ffbbf9d2d0744effb8f85fc36c61d96dbf943844e3e383407916066ee69468c81844522c0877c3e606e4cedbdddf9affdf9a6c5a53d458cf9b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 0e2d8e4be64baf16454f2f68bc355c48
SHA1 f9cbb84a31337dab5e0f59f9103a2fdb3cefb454
SHA256 8814f6a7a22a9b3211f95c2c0d769a7ccd8694398306401f1c9cb3b5791b0b18
SHA512 0d219231efc7bb9498af7a094b305f5b71ebe32de87b35d20b543eff255da7c7bb909a346620031191e5034e6101449f00a529319f3231576430d1d2f3feea65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fe82c8f1037fac648e17ef917f97afb
SHA1 34666bbeec4f980a0a74e8d49e312b755054c49c
SHA256 072dd8539e0285bd39770d23e7a499a69ee15f3c0ae35c9f5e40632c081609fe
SHA512 7a3e006c627c3a00ff24bf63aad82fde87b36ccc8085187b3025babefb87aa7b9fa21dc269b3ffc1e4a908c08024fae96de35d3934c714bde3e7233f738ebd93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2b0cc9f4840a2ad3b36063d3690f154
SHA1 84b24c793d41cbaeede76abfacda366c5e1aa729
SHA256 e940174a8b12ba6799bfae45e3cf1d93cbb50c528ee771d3e21d182609baedca
SHA512 ee8f7b75f4b8caff2819f1581ffae4fc39c795c2a5c3d173b873a0829be68a637a64c1aae797d4af67e0a89ea462d05269ef2b23a73e051d0372b1d310b2b1c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ad802a104f2ce1dac8fb08cde940c81
SHA1 7179d87f447081e8a2e631692458a6141dc3bc66
SHA256 ce0dadb1c932d8664aa78ddc01235b9349f9ad869395a27cda1ec48a9e0697d7
SHA512 2d6b4f0c4a937ad2aeafc145a6ac791d5916dea005bf6fba72d3a53ab6c7be44015fd43843738c1017822249a49aa74151fdbae0a1fa2e5491e203ebe4896c8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac89350c93a299d0f9b4728f74161971
SHA1 57b9475ed84714a197511cf6fe3452754e6191f9
SHA256 0db6ee2b861fe327edf939477a9877ed00589542d7cb4a22a6a6c6054141cfa9
SHA512 6a5ce8389e6eb1f73314b56329ba798dd19b1a20985d667df3dd4e54c340e6a034a3525cc2b7134ab1a05005262da5df9bb1d78cbba4d772cddb3eaddcf4f936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e52733ecf3253fa0c8164f62bef07d0b
SHA1 014aa26b88320e2f983ed41e634ab075c30c1a25
SHA256 4e0db8a19c90d0404ef462d44ea94baa830e6c931cb25dd5bc725c5e25185004
SHA512 cb483519cbec3edd2a5bce780699d463df84ee95d43318a1fb16201a51b5911ccd451b72a65939749c3f1adab54779b9cea3e77c83fbe121f2cd13478bed5b7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de2d680b258e78aec40c50adac27fdba
SHA1 3978e2472ec7490ca0b9ec288f9a89863f09df7f
SHA256 7dd6ce15bcf28b624bf7065efaa6b616e3d49edf7c4b9fa947c69066849040e6
SHA512 ba5e599271a618b1e109994a235b99574dfa9e261b76d14c809cd05459110acf518e09a1662012fc5056d923bdf085e640bba6204d12584e25346eb1132307d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ef6cb0bb0313d7f08c66a7660c28a35
SHA1 54c89e58b097f6f9548a018930bf01b47f0af1ac
SHA256 9f8e5bd0416ca499061843e2afc6964820da9c68b82acf65d6c5f83aef553428
SHA512 ce73239e749b477a9d372c89fc5b7a133e675579d472727dfa89a2104b88ecc07d41a9dbfbc8a63b04b84e6010fa0f33cb0af749fab1f30c44f33d34736382fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\favicon[2].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 f3e04ea2e7e6f328cb3ec9481a3bacc1
SHA1 4abee165489f0279d3e14117b05a919e56b61164
SHA256 d91596ea69c8e5b11b88f6f1eb194027f3a7f4fe5bcce831a9cfa7d82a83cbf2
SHA512 113e060fb834698312f59ee185686ab359ec93f04bf6fcc7ce2b1aab6979f44bde9041b34a38a9a511def25215c3bc71e793439c0c1fbbf2f439be01517f8c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59b2db9b81b95327a5f2102b3f490d51
SHA1 98082389e9a37def46b219fb57da4b79ee76b33c
SHA256 167da5fb4f3277e5beffa3fd3ee9b4a1ef7bd3f26a0b3a16dd35a69bc7f633c1
SHA512 95b12a5563333cf59624d70d571581d657fd3eed208866660d5e22368737844d10125aa3fd165560aa6b949b56cb8a9b1110390c0df91497823dcf49eee5adb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6295a705073239001113bdd795e9ce6
SHA1 a8c35ad216acd582e16df8ba883da1f1a7ea43fb
SHA256 98ed89b24aaa51242885ac2a1b97445abee51a111b2e293a18c9fb74cee34c43
SHA512 4c2e4aa845e510837d0198778beb915783b711353d2581e9b4427333d80bea3f2309dd1414a09da25508f4dbb1f75540c9a3c28c752c5afaf3ad9dfa1e4136f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e109fd3f57539876b9814458d49cbe4
SHA1 f23c7ea557c25f767483da01e93b82f5099d5334
SHA256 a80b3035b9b2c004b3a78f3c6f05d1b4abc94bef0e920199ea7ab05d16ed18a7
SHA512 fe96bf398b41a9f6903095914d2156378e8f4d0b243a0905b5772e9ed8c97069fc3cf20a16d6442a5613c17d3a4aff5497a0ca5ef6690d12042478e294c0c1d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ff684cd3d1d94c2fb6b46100f307d8
SHA1 132f5fb5a6dcae572dbd0ff97eb367dbbb9c87b5
SHA256 c872f03f360cd719310fd2303105d47b8ab815561280819e5fd03241e8029959
SHA512 419b717a78bfa29fc5f8d45515e1c50cbb2afb8702b5b152c9833c63b25f951a70eb0f2c7b32d6ea1ca747175753e853d62629ef51eddf91ea59072f6e8a0cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2476_UYYHXERSSSWWDFMM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

memory/2548-929-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 552227ae0fb31fe5363d947347f86d5c
SHA1 aaaf487c10eb709f7eb325aa293a9004c10c28e1
SHA256 e70f6eaa2d6a2d851da11fda27d8e8b72adb68e0672b7f50a61af6f9d889f2e8
SHA512 cd3ee4ca27db703daa5062e6b344ee3d96a2fab354b0cad138aaa42c456f72da572bff9fc538224c42ad5f744aeaa3e46a2ee20b68af1aa38d67e5e0ddb5ced7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 38a16ca55c828d4c65a33cd1bc3d43a6
SHA1 2a2a88ab18c27bd796ff5df49701b172af317fca
SHA256 a537634582190d1cc19b24d85e4126495ef665ce625f98ce14aac4fa872b68f5
SHA512 54cea50eb95b149f17bfff8789919abd743620627037814ca30c2aca2314ec9b20de7654818e98c891d587a182c87ff28facd58240b360fe45b02367299c2317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 ce017f9a462b214598474f8583cf29c5
SHA1 742eabb5bbfe766fbb7870d7ad7b6f60f3e4606f
SHA256 646fad4660b59c9b795de2479ca4aded2aac71b9fd2c35913789ce4a7a161d39
SHA512 62e21de8acd0e7cfcd7ad685bf83e25e801ad3ecb62ec534aae7c17dd954971eb4a9c4224ba0da1f5a5df6279702778bcedd7bedba1affdb30c4fc4ed906da61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5EEA01CAD208F75F11898843BE401E94

MD5 88b48eb5331290e8b74315b7fcaff5b1
SHA1 7691385f0fa34c127a5daf23316dff75432cefab
SHA256 11e6df0f66f1ea00edd7410a954b5e7424a5ba2ba361467361eaf537c20ccbd2
SHA512 58353f78a2e55ed3c0e7707c3fda4453023da18a70f2146ef5bf04f96c241c6bd106c437f76ce3ab5b90341e134beae474baff0087cbbe3a84c9d92ac3b18341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 81e09c972b3b085ffc3005d351b9f9b9
SHA1 7ba4211d6beb6396a4bb68c702ee1a0ae81af68f
SHA256 7e65525060ff33f70737d0fc763328801dc60ae1830055626217347b713573a7
SHA512 ac13844477a3d7e1dd926869d3295f6fa5cac58a46b286df8418e70632423a5fc781acf7d4d5ad93d2963762b5e71f1d2e555474669f6c61fa9fddf1d14287f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 74407533a865e799b0dd0ab6bd4dc779
SHA1 a2df9a7d6f5713c2680d38bad9486b72ab34fd41
SHA256 dd279984444847a5655308ebd12f1d3767ad9c21dabc8a1ffe9e780d92f71d59
SHA512 8ca4eac6197bb58bd1a7c9e65f6dcbd1bdce0dbba3af84582aa72a88c71e493309c057e7560b1f84030333db63c2cb61972856866416c92232679cc75741923e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 f2f3bd8035f8ccc6da72eb002081dfcd
SHA1 0d5fabf01e41c6290ecee3f6fe9520e7946b6312
SHA256 b9a775516005ea4a63061a06dd78c1f2f904e10c6df286a322df63808ca81dba
SHA512 4a80825c9f89a428b0dea7497ed7a22fc1bbdb55506662261b8c388faf1de11070bc55e4580f3f9ac5885cda6a1e2857824f28e4f7a14e9c8c8650f575300365

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\35117fb1-4706-4631-839a-9569d7c3c8d0.tmp

MD5 4e58485c1a1a5090ea28a2b4413538e0
SHA1 d6536ff16410a7e9621375497abf63512da03c87
SHA256 9720dbc236a3ea1faaa46e382089991048bbd32b0857528d461ffea4904f8ac2
SHA512 65e010febc056db125bfcd724b0bfa53ac47397e3b193989d31457a28dcee4389612fa34642fc2a430c1294de3fd49f3435b84e4a1e5984863cef072bf4db104

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

MD5 556b7258e511d3374e36234ed9d13038
SHA1 112b29b04955e528817e4680da553d6a5eec2703
SHA256 7c53574240e2592533aa9f9dfd731cc58df5c25bf0351081f70aa165e1b42281
SHA512 dc9ef3992e2efa1da5ba96ddcbbd6de3c8fe490f54d696b70df40fb4f91e9f746cd4a162d6041533017cddf902c5a70e15e95cf6a6c5584d7fd1bf0ab77046f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\dd426c0b-5d12-4325-8b41-5ae6264f4820

MD5 656b6c949ae830890104601bb8f1f5f0
SHA1 87396e5038dbbb83e9d0a93ba68419c330d37c22
SHA256 3279df340e5a51cff1da3afe848952ffbab9eaee7928049831bb854a7e89603c
SHA512 0c49661214ca8e757bbdb121eda38779e80826e0b02f0014518c2b1bd2788b36a8a474cd65944ab8cfdd6f4b76a44dac4ffd7a608837f61b43cf168520f65351

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\5de9698c-721d-439e-a9fc-fada3c2955b9

MD5 3c8787440276c677877088978379ed22
SHA1 860b18636d4969b2efd919e77b33be13a0807aa2
SHA256 f4ec7d55d03262097a40d68e75b65017b3a5585f1847b7961342dd45b3e326c8
SHA512 4e08b353c67c93c54b6d6578d730a1ab43cb0f87250bcd5d1fc95a30920f0cd461607bb0550f39c4b3003308be81d3516365c1a18b1163e79079a18d44654f0e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1a3730d2c03dc5dd6ca328fd31ffae25
SHA1 ea5ee0830758e5e374b9b6f4ea53c70e988fd1df
SHA256 012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579
SHA512 2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 7368469776be0a09161e11002451d6f4
SHA1 1de9aea2f8d2acaff678d7c8360145f472fbed68
SHA256 9fd8e268dcc84a4c471db0d20c646980e1cfe3f3702433866c5ca0535ed1fdf8
SHA512 1314d7174e131c00050d07ad99c7e502beb7fdb65eb0671d50ec5e01e3aee860a777342cd9f1ed436ef518f56d3e2941a3eec7a3f55da01bcf8f2b3d8330addb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs.js

MD5 6f7ed0d73da022f736912009a6bab7f5
SHA1 25e4c72d59715b7de1f8082cc00fff46168dfe4b
SHA256 2fd468088445dbefe49b335b0f5f7dd343ba4d968b66616a24cb35689a9efaaf
SHA512 122669bc25cd7c926243d1f54e930c5a13e9aaf081edeb3508b8d81059032596a68f11f7e0cbc29058b715665579a10933068a7fbf324a88f555427055de7976

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4a27f122068c39fbfaca667c9017c6ef
SHA1 fb2f588ea961ce9d986c1786be89e18134ca8e0d
SHA256 d58abd25ef98a12ce453c3cc4562f8215f65bd3e47c37043a3d33e4226b78c64
SHA512 7b1d15b36f2e13fd121bcbbf0500f3253e36e81a782ee3ff4cface4afabb8f23483adc825d914ab6e844219c712a147aab7a7539c292859721770475506df57a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 fa5950b994984d43a054dd734a6904d9
SHA1 81fafe7bbe3eeff3e474b6b96299c958fbf95dbe
SHA256 0c75801f50a88a594e1e0d9d636bc3655de46349108ecf702874f43553fea368
SHA512 77308754f522de191a00635420858348b2a05d74bec344bae59f1bfee916efd992633e027030ffd2937e231c859391c69a711738a68421a7e572bef56954c960

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76bfc6.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 f6184bafee4be4e0179664a6696289bd
SHA1 5132c2d40587621f20faedd954aba04db32dacec
SHA256 c2c037e92cce291e16693a597a77733b8e2121a02b4394ea9326654d1d76a83f
SHA512 d1fdf95816dae49ff7178f68f92c3e94aec5b6d0e96f300f1763262674e888b4b83950f051471cd41c7974d4c7100e9439be13ddc057a0605da86f88c3f68d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 8dba1030059c0a051491a85bccad695e
SHA1 1c19373c7dc5c388b26884b9146095e44070bea9
SHA256 5de42bda76cb9cc03487866621cb78532ca595b367489a8f9b392ed0812f0ddf
SHA512 26ed74980321134cfe68c3eec3232d3f01b162d5f1b074ce669a966b453c5885775015cd41a6a89fed9179c67ac9dd644c6b263da0231bdcb61a5708632f60f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 e2175cc2ba741482e8db4223ac827364
SHA1 2a400f429045f34db9f6136c4403592105ff0531
SHA256 0844dc81e0e09409c6d04c2b2c5c5198398d977630593a0150ad2a1fa442f8ab
SHA512 ffa838cca12287e132584832ab96af96bf086a4b35c31ba1e70bc4696cf4528b9819adc3b949c3dad77ac09a211e8d0cb867870019496b34b30f5139390d1fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 37b2b9351ea1c79f0d5737a9b98b34ff
SHA1 9243b9ee25def9dc3f4c90c331e14e94d1b19f19
SHA256 49a2cc85719543d6a8407222f98ca2d9d2da43ac715867dda626ae54912f9657
SHA512 433d59f5ca1d098ff5433c133e2d5e316021c03cbf403779e4d7364a392a60f76cb09f1e67191d0f3bd995fc096225a5b391d1678d74b7c7f022845f9c089b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 acaf28b25b9d6a856d98c5345ae3c8c3
SHA1 3ae228befd17fc26fb2be50d7067e08d57f6ac75
SHA256 6e0c5588662dbf491309d67a73912bde1af6f42c55336b6dcb66b46ec4f2516e
SHA512 08ebc645d4e798e98bf91424ccabcd6f73d3fea7ecb585314ce668090c6afb2a023aff1eb991efcf6c010b6ed9d34ec3062948a138aac59b27e7b68dd3961909

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 604ad7b8c2dd6eda7f4d7cebfaddab1d
SHA1 941f309696865d40bd73cc78634c0090f6b0ad0d
SHA256 10cf752fcd89c3964a89ac458ee6c92fa3aa07c429568ebfb53dfcc844038153
SHA512 b7e5168a9f283ed459704188978f9a11b8979894afe9348aabd3e8e99e9e290d7c15be770292d3adc474d5558b991f3ce07ced0eedda025f87ff0db55cfc5606

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\189\{5e844251-fdb9-4d24-8195-6d380346b5bd}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\idb\3254975189yCt7-%iCt7-%rcebsap8o.sqlite

MD5 4f08547056ef5f5bb1ee39a83ef224a1
SHA1 fc973ece8291bf9308fc6a9e9c2b93e975c58de9
SHA256 25ed7f55ff45bb3c8d88a68e2201fc7fa754ce84e401d64de16ad53999be11f4
SHA512 84884b1c67644f523bbef83120f685458976752f723533737457586fef8ee9e667ba98951d19f2c80e46ca420959b981c3baa5dbb22d16743d089c03a4f4e963

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 dd65ebc1b591bb62536e8d867b56d9f1
SHA1 548a24477e74b752b4bb88679592ee0b7c8c0381
SHA256 68ae8de567d87e42afc91589f32b4dcfa96ae58270c08b0b073f6c0405192b6e
SHA512 3521fcd9f7a38f549d2e5a5e372aea582db999e22cef14b00f72fa82218fda27cd1b69dc669d6075e93830153f3084a93c77612e9b52305852b21e7b950e26ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d054535c-71a6-4bf2-bb98-0f30556c0d52.tmp

MD5 95379cc6957c217289c1e337c8fed29a
SHA1 79c691392c77d211850367ec460ae179e4faec64
SHA256 e9f74dc91556919f7a0248bd79532e6ee678c5a564f2a934143a50cf5dce98f2
SHA512 43c6f4ff9aabe4b5826cb53d877d3e3c8c7b37eb69e8f4ca4e7d332c46863c4d167aeae5b0292889fe33a330b1498e54f606984cecadc3187ad0bcae5807fb4a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{99b8b76d-d17a-4ca0-8e3c-854108808c79}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 a13bcfcf872a4c3fb3476648f4c50ab8
SHA1 933b288bd3315175a0d4f787d09d164f8c040eb9
SHA256 d88355b25b4ed27bd5143f0e001d6232f409bbff51e6c05354f3b0bbb735ea0a
SHA512 57a4a97ad4570b1f7c36785f44b1fad22a4d220d57bd9cfa726b9dd71a2adab61e3af892cfc8bc0b8fd6108b3c68706395522e8e423caaf6e696a0186b78303c

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b067dd67a6b37142dbe5a712a3a44ef6
SHA1 454bff73d2ea884bff95f6ee7fdf1489a42e27d0
SHA256 6c97b6748fcfdded1cc8cfd37eab49eb406e4281a3e7544b702564eaf32faaa1
SHA512 37fc7121f2d9ac4bfbf14153e61396c32e52c458d3614af23091d7ecb541520ca427074a1c602e28b8b4cd9ce9d1f4452c4c9aa555ebf61167bfd387d21f7204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6425ef7097ddc07027752dc17502e9af
SHA1 ffb1200a85bde3b84a6ebfdb904b3eadf33eb37d
SHA256 c8d3cbcfaa2b10eff554bf8bf7a3ef820a6b4bdd0b1531cf0c2de7d0510be612
SHA512 cb0461c29077ac3af8ead20e81e669ec14c618682df4c62953373a57fbf91d2bd099925521bd5dd04063851db98a66eabc5813e267ce4d58f6c100841b1643a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f0e67db99e374cab3006ab8d2d5b043
SHA1 b98c60a33a043a038ab1870c03cece769f2d38fe
SHA256 8b62ad78a251920aef5474cf503e299a1fa46d4084924f444d08dca412e05a6b
SHA512 a68b412ff3fec645545a3b9484f927c806b078672d3e29e98723a37f48afccf49c45fe21a1a3fad820399b9c2773d089a19f17f4a1f72016caef3681dd26e15d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b52859dac066a0aa012d5c37029550e
SHA1 35e4110dc96f7d03d8e0fa503abd20ad35b46622
SHA256 23326639b76f7894b414a476ad7f4df1fa7f2b44e60f44aa7e5e9d6e7f9a4c83
SHA512 b91ae97f105c2dba07801a14571e3bf054345d271c05c9153869791337e401976269166f17d5b2e71f8e3b6b431281c2280bbaaecf65768eb50099ce26197bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34b1b2b55188c0bd786d8655377c3187
SHA1 333959690afb530a0a38873ebac17350d2afbe87
SHA256 fd55a84ac00da79198640d2f2b30d6a0188e96fd8770a4bc436863a068758414
SHA512 e90b92eee9d33ab385b8facc19f9939900e2577b8827c880a82909303b0c57654735a5bece694b39228a609672909f0df7a30e21a7949fa35feba39bd6320698

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9838a885d082b7cb3e65708607789a93
SHA1 6eb4defa165579d8198e2067a836426962fa1e2d
SHA256 6b9088123086bff9f99359b9dd5089a2dfdc478d0dfeba7d086f231c9e58e15f
SHA512 3a6da6d54f192cc5296a1c0743699c305379e4275ff53e54e5f117d6a8810fd26068441035988f10a4ae25b72073bf56067ed0a94f712f476b8003c03d355c1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a42146215c87dbd52241a5604da44a25
SHA1 fc15639893fea2509264221e156f619d6db6d384
SHA256 e78d487ce547c4ef38b9e77afc5b151ccb89b8a8c29f7798c9095e88834d677e
SHA512 081caebd04d22caec0eb7081b2ca1cf83b9f41562d3adfb1dead5b2f6bf81663326c0f31165a9349c73c0efda7b19f261dd6b382fdcabd9222831049e51ce2ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 33f6c394ee770ef23cba05ec3662352c
SHA1 0849a24b4840a153b9ac2e53fc73f6693e021c5f
SHA256 fcd4b5fb0be595ba0866ee2669f1315229e56a775471498685c5e61709118533
SHA512 883a86c99b98c68b10954efc210f386d251e5db743831a94fa246bd71a4cde0aa75cab7df2250e28952044ceb4cbc47453ad31ab13252d7608e9bcf578db427a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdc62f5db7e76866d7d4053564646f91
SHA1 db424c9a1910f8919410715c92889e08019627f8
SHA256 1af939aed328b77296684225e2a955f3ce07e905ee8b42c9eaacd21661149841
SHA512 5d51f618612a5185bb1d8b2b5a4be037c6ce922301a948689bd0473245dc743143fe8dcf25fe792fb37ead216955e0b61de951ebc69e4a4ebdceab27c027805d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13205b3703824b3ee6d7972a3c6d8686
SHA1 e4596b51c97334f51121f53f6912a31a7e00d1b5
SHA256 5472bf7f9ebf8e7fa49f2c92ec8c3c5de6726d8d5cd36ad5889746bc028762b8
SHA512 d5d901df897aedd45c2ae6c875e39e4a62d470b75bddbb51fbddb3c74de75a45342d3cc4400426a5ccea14fbe103fcccaca890c3c28df73bea10758d032417f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 063ffb74fd227fdec846cbf66ec8be66
SHA1 21df2efa0fd2c16c521c7a28b93b9749f4307d7d
SHA256 8004799bc2654d088cb3c03e14f97449992330e45f673e6ad7ac7e3f9cc99a24
SHA512 824e92f4fbac4feeb0621624ac011e810e752f5dcc74f501c414551b7590853e1fdfb9c389177e8bff4fed912535fadb426f6683b17bac5d3f75a764608b1391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 471243f06971fb3823f1f06df937988c
SHA1 0f59c2c7861b06d546acebd8be9acd7e18114c36
SHA256 1f7f1bf066179b33d3d14f3ddafe48e160c54d89c97112529872ebef48a4103c
SHA512 04529a9daaf50835ad048c52f075843d4dfe9a35d344a7a2703a55fda436502b90c96876a229504f52127ab8c115258edc446f93671d6902a295e2e62bd7c25e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 93d621e5840d42fccef8009916e80018
SHA1 c1436c51d72090e3b904f9de6d40bab4fb6594b9
SHA256 a609f5d5b426eb6dab87828ac6498c94cb50b871d414f9874aa68846ee094abd
SHA512 5826266f15ebe723073d9b2111a06ffe185b33e4442ad33c23fcd6d734fb21c0fa1e76b107ec2bbcd0a1add1f343ba60c4f5d5f5f915c4557a8a4c3a6ebfa9ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f695cf343da60b327457ca2d4018fbb8
SHA1 0e9f3cbd7fe1580be2fcc479a298cd63ae165624
SHA256 6e8925d0ec97f2cb4deb69fbc37ef501d7e621c25502397a0d937b3c39da18b0
SHA512 990a003760af65f97c1e65b8443e1f416d19946d7e3fe25f370abb19ac704533a2239fb1ba54f2a853674245a989b572befe02f9b912da4a6777fb7e36d66526

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 122f6a47b2717f9ab472a9ff7b01ed9c
SHA1 42f6968827a050984f19b083d87f178bf4a21af2
SHA256 75dd9d78ab13e23c2cc510127c1826b430abc49f3ad8d38a42adc2a5629f4e8d
SHA512 33e46105532a9569db3647ffd50126854d8940a5896b73643a67e985ccddb07ecd5619dc711c0868d7de751df5d75d44f87148818c156a4d1d23adb48a5f1592

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4afb7f740e57e4945fc1b8853accb981
SHA1 19585e498904473f7887625b00ce3d2ae3cf6549
SHA256 718b40d32ec118e9311d1e72e5f1443d36a0d862e0cf1cd5b2c96cfb6ae8c28e
SHA512 8c45a1504a7bcf7d48c0ec29bd29b216c217863e91e56d8aa9f4f7099645f4aa0c41422e0d9bae710385932660e0f00e6abdd06b15af20a39c6f9ac0ba7d503a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bab5f0defb4551dda63b0647b5df7b47
SHA1 dc074d0c351f8d3e6122cf7bf4b18b4ec6a44f7b
SHA256 3a23a31d4f73d23a8996634a9878c0ba799e3034821afe8e4edafcef03db49eb
SHA512 ac4469be6f25eb957667a2d05db1daaecc6e90f0eaf7b50043ca2759a232ff0158c1588050e93cb88e7eb8e87c0403698ea99fcd7f7cd5553b2e5429a284d4cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFf79a1bb.TMP

MD5 f35cb4a52d7d6f20570f491934ad3d4c
SHA1 8e35010a7cf01945967f72fe06e984ad7fc26a20
SHA256 23c23d5849b00a71fd0e324dfbbc54d15b5add4c15de0d71c2bcc129698f4f5a
SHA512 49b9ac1d732654f4f6b73e1e69826c619cce1277d3dffa12497c44b57af7b040413bdf7f9016ebb514696afe163243f71f50b63100ce5969d49f41dd9322a7c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bdfbd6bfa1fbfc3c28135d103c5a0ea4
SHA1 472afbbf762e71e742cecd370fd6d98fa63047ef
SHA256 5826c35efa6fc78eed8c2e407b91656e55c9c6cb0197dbcdf78b6d3e3929fee7
SHA512 b38247e9762667c2db52b9f58d29f27514f15438c850e014655b17996b0b31143b590d62b817370fb08e11901685c655bca3b0d853d727557e0cc48439af5294

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7611b6c5380aca1ccbf67c5d5926831e
SHA1 68d3a55495414d42af9c9cce30bf2ffed25c730b
SHA256 d1699f28e71d6d718c299abfa1b51d3b002b6df7c7e78e9dc2aaed372edbf4ed
SHA512 1961a1a12e933c570683dbd4c018ce2acd4497f77f80f6034e34a71ce0f79ea9fc5adc380a72e64f6b78d472424279a43593c4ea1e64b5342f03b2ac216dbf86

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:07

Reported

2024-02-12 05:13

Platform

win10-20231220-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521883095854859" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37b6f98d715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 09d3b796715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 655af281715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 50714ce7a35dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 69dcb582715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 2204 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5444 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1440 wrote to memory of 5444 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3536 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 5648 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 5648 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 4128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 4128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5648 wrote to memory of 5660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5648 wrote to memory of 5660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3536 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3536 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3536 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3536 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe

"C:\Users\Admin\AppData\Local\Temp\e4e5f5ab2336231c3821a455bce996caf8a83c7b261872c7d405daa45b6ecaf0.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaff909758,0x7ffaff909768,0x7ffaff909778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffaff909758,0x7ffaff909768,0x7ffaff909778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffaff909758,0x7ffaff909768,0x7ffaff909778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.809805126\1832626002" -parentBuildID 20221007134813 -prefsHandle 1600 -prefMapHandle 1588 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab327380-1e98-4f99-af18-ea9a546028c1} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1804 1d5474d7858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1825923902\608371012" -parentBuildID 20221007134813 -prefsHandle 2184 -prefMapHandle 2180 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {197db11d-a684-492c-9bad-95188b1ae1ca} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2204 1d5351dfc58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1848,i,1161106281303766858,17872016791890530210,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1848,i,1161106281303766858,17872016791890530210,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,13769925230404203892,12006014700036771587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1844,i,13769925230404203892,12006014700036771587,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.1759750732\559216699" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2828 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab5cc119-545a-498f-a56b-0dd615d49f61} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2780 1d54aeb7558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.1186441686\805577161" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4314b6c-a3ea-4661-8d1d-ecb05fcef02c} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3508 1d54c5de758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3696 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3848 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4676 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4820 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3116 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.1549738540\661339457" -childID 3 -isForBrowser -prefsHandle 4324 -prefMapHandle 4624 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d4c8d16-eb2a-4b2a-9f0b-c57efe4ae8de} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4300 1d535130558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.1711880312\1245562766" -childID 4 -isForBrowser -prefsHandle 4288 -prefMapHandle 4200 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7af0db82-321f-4b30-8d6d-05f89248335a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4716 1d54a551d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.506615299\441671389" -parentBuildID 20221007134813 -prefsHandle 5368 -prefMapHandle 5352 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63df9098-b7a1-4a5c-816f-465ef3297c75} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5376 1d54c5de458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.7.1058146665\1659407703" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5392 -prefMapHandle 5404 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {178f251e-213f-4367-897d-e98fdb9bec3b} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5492 1d54c5df658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.9.962940440\2077536362" -childID 6 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be4d15ee-5571-4e98-9969-394f3d73ec17} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5844 1d54d611f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.10.1558834700\635702575" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 5824 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bfa0958-ae57-4053-aad0-6e5cc68bfe10} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6040 1d54d611058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.8.230986156\332886227" -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5684 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {250afbeb-027f-4004-9331-158b8a35c1eb} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5700 1d548cea658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3124 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.11.58153027\1941008452" -childID 8 -isForBrowser -prefsHandle 5688 -prefMapHandle 10264 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7a3854e-379f-4db1-94f1-f501a3a55fb5} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 6392 1d547404a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2604 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1604 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=2016,i,15433420283943680635,845426432328680870,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.200.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 163.70.147.35:443 www.facebook.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 play.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.246:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 rr1---sn-ntqe6n7k.googlevideo.com udp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-ntqe6n7k.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-ntqe6n7k.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-ntqe6n7k.googlevideo.com udp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 102.28.194.173.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
AU 173.194.28.102:443 rr1---sn-ntqe6n7k.googlevideo.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
N/A 127.0.0.1:51180 tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:51186 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 92.123.128.167:443 tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 udp
GB 92.123.241.137:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 92.123.128.167:443 tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.184.227:443 beacons.gvt2.com tcp
DE 142.250.184.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.184.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 142.250.184.227:443 beacons.gvt2.com udp

Files

memory/1044-0-0x000002230C720000-0x000002230C730000-memory.dmp

memory/1044-16-0x000002230C9E0000-0x000002230C9F0000-memory.dmp

memory/1044-35-0x0000022309B50000-0x0000022309B52000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1d62a39e7f5878639adda8dc4910e5da
SHA1 59eba075988b4bab9b16b4554edcad54fb40f51d
SHA256 23771fb9da16bf216cfc6d58f8e6c0f7f6d938f3794491336209f9842c61549f
SHA512 fbcd52403b645168f2170d28469ec64108673dc04533a0d90841bcdf830d6b71d1dfa839398ee1dd9ff55bb8dc6f92f822ee3c47aca1f42c10247195e8c050b5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 71ae54e638d90bb900e726c50e673536
SHA1 dd3f0ddc106036845e378f916bffa0837935bd1b
SHA256 469625e4977eeb3bafa8cd4ab692670bd35ea4236b7592941772b3adc915c425
SHA512 12f736e40f2139e85783ac9f2af5f506286217f3605e15a17fc89eb03517aa333f5ba1e799b0dacb31b0a3538815d5a747173f13e684d2446881fe2eabb0bff2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 bdcda2a6c123199c7c5499afa67c52ae
SHA1 f722c093a84abdc182d10ef54263b99c8d7b993a
SHA256 9c3928457f6a9294c7fe3f7e36ba1f3bae8a752434d5dec100a176a7499a747d
SHA512 677d4cc4c4d274e1c7936d8aef98173dd62a9851fb61119b54b6da4db5472ce6663a995fc5b210c5114e0d84fc41999539a0a7e06817b02ed492dc24d887647f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5BBNNG8X.cookie

MD5 d8e7c161537222f722da05f0b416548f
SHA1 ca809d1c46a3b05e5f98c9b00b8476d960f375c0
SHA256 57a4466e9000f46f52989accde561c9feac666b4ef71fbeaeb0271fe6716f12b
SHA512 fb9e69147e9a3f64d0cbecf35dc62fdc8ec68f8be160517bf37194baa8ad63de7e8ba31244396204e674f3d1adc11bf1245d6d4127adfab24c6ac08779213ba9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T3Z1I2DM.cookie

MD5 76f301a1e19ed29b1c4a9265d460eeaa
SHA1 c41f3e7d253b9877ba174fdf6070922b48100585
SHA256 8c4ee0e0bad56215eb97d650972aae2147815e40ea6a6def87677dfdccb88da3
SHA512 82268502efe89fbcbfb50c29e9513022ff36f3e9cd09b1543884593fe1994c176de81cbc0641f5dd99ab6a2a3b57516d21a6ac7278c6712c97dc15d86db91b6d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EJE80FW6.cookie

MD5 b77b8e50488e11a2697ef0260716f04b
SHA1 f241057859b9208a34fd6c7efd453023e40d801f
SHA256 3015c97345b2ddfa4dd58eb22716013e0d26643e6a9cb5bfebd2e9b07a9dbbcf
SHA512 79e1c4567997835e4b88e43ca249dff977ac85fc7e14c40c6989124666c8928de35f04f544acc89f41a2347f8b4ab3557fa117bd3ce5341820694159661dc4ad

memory/4972-122-0x00000221FE1C0000-0x00000221FE1E0000-memory.dmp

memory/4972-133-0x00000221FDE40000-0x00000221FDE60000-memory.dmp

memory/2204-143-0x00000188C4060000-0x00000188C4062000-memory.dmp

memory/2204-145-0x00000188C4080000-0x00000188C4082000-memory.dmp

memory/2204-147-0x00000188C40A0000-0x00000188C40A2000-memory.dmp

memory/2364-213-0x000002A578190000-0x000002A5781B0000-memory.dmp

memory/5064-214-0x0000017C3E140000-0x0000017C3E160000-memory.dmp

memory/2204-287-0x00000188C5560000-0x00000188C5660000-memory.dmp

memory/2364-292-0x000002A6793D0000-0x000002A6793D2000-memory.dmp

memory/2364-300-0x000002A6793F0000-0x000002A6793F2000-memory.dmp

memory/5064-318-0x0000017C50A60000-0x0000017C50B60000-memory.dmp

memory/2204-315-0x00000188C5740000-0x00000188C5840000-memory.dmp

memory/5064-311-0x0000017C50A60000-0x0000017C50B60000-memory.dmp

memory/2364-316-0x000002A679650000-0x000002A679652000-memory.dmp

memory/2364-331-0x000002A679680000-0x000002A679682000-memory.dmp

memory/2364-342-0x000002A578260000-0x000002A578262000-memory.dmp

memory/2364-350-0x000002A679690000-0x000002A679692000-memory.dmp

memory/2204-367-0x00000188C4F60000-0x00000188C4F62000-memory.dmp

memory/2204-374-0x00000188C50E0000-0x00000188C50E2000-memory.dmp

memory/2204-383-0x00000188C61C0000-0x00000188C61C2000-memory.dmp

memory/2204-396-0x00000188C61E0000-0x00000188C61E2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/1044-450-0x00000223131E0000-0x00000223131E1000-memory.dmp

memory/5064-452-0x0000017C52840000-0x0000017C52860000-memory.dmp

memory/1044-451-0x00000223131F0000-0x00000223131F1000-memory.dmp

memory/5064-455-0x0000017C52C00000-0x0000017C52C20000-memory.dmp

memory/5064-456-0x0000017C52C20000-0x0000017C52C40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6FCU84OJ\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LHPXC5EL.cookie

MD5 0b7bdbf067a9a1ee8dd47bd46a868320
SHA1 27b3480f31fb03da9c1b72c9ced262e6f91d22b3
SHA256 94940333edd1f792dbe437d92ec4a5d873e7c9d4e34d48accebdf344928e80eb
SHA512 995155a5fb8218295decc6d59eff2c69920f1fa5626bab76cf19a65ea98368135cbcd921d8e7c620f96ffbd41bf6cc81dceb2f9ebfea86de991fcc110035626f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 733bfb5abc4a18b1b2f5bb44f32d0110
SHA1 3a3d6e28b7e3ea6dd7372751ffcf7cbabf93f710
SHA256 826046d7c4628f983c2690ef54e5f425d39721798dfd7127472ae5a53243768c
SHA512 8969f333f11e62b53425cfa987ac747158a2161cab855fa39f68366afac73cc4792f41342a6cd66fd9fd5a9948b68ff4fae5671219639729fcef8374f8d1022d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T3Z6PDGM\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\53Q91W18\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\63ve38k\imagestore.dat

MD5 31b290520afd41d0bd5db7248c164779
SHA1 f3def76a7e07b077bbdcfed5e9a8d1f414330d31
SHA256 0abe111f2d0740960993ffaee7c0d2e479fa07edded7d4dc6cc618f50f8bc30e
SHA512 a32d785b6f3a090c9b4a06d12f2659c458656e246cb0c121fe599fe20f560922282c72fc6073df933dd477ef076056cd309954c3e3efa39d22c6b656ba90b9ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bed26a7cccdb93460883bab3128b12bd
SHA1 2cf245777d2195cbc043b2b97e6133599abe3d57
SHA256 ba0f4e704d9c0c62282308afde7a4f2fdefbac676b2383a781c9a75e7909398e
SHA512 deb8d9aa4f21430d69f88d6d04ffc7c95b0eb657ba9c263926cb7c14803445253e90ccc56b0b299f3f930f7b1db3535a38ea840378e3e2caddb04d0269b95cfc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 5a481e00b80665a05cf86daa1963b3e0
SHA1 f4a20e72e317418efc967a908619de940a20d4c0
SHA256 91b28700682dccb86ccf1e8f65be631fa8a0330edeeef37f46ab5be5fb0d41a1
SHA512 fbf3ab4d5276bcd100cc382a779ba03709175b1ac66f977e8321438651c5e38ca8a4903a0ee71b25e4b2a00cc909632132892f092d8424fe617cdc736038a111

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZXG7WCAP\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8IKTT4VS.cookie

MD5 dadb3dd5577fe17466395461ee1b24b2
SHA1 7a7ba65887c593a85226bd3521997a9730a7488e
SHA256 62b555b7c6e87043075af44ca78b528bb2629c37a8baf23443ef6eec532dfe02
SHA512 bd2aa3e116477bc25ff58bd2d6bf67386869de012c0e151ed0c31eaec88ee6317d02021f32069d37dba80e91e054e4969b74a32cde2fc83dbac1c4a1c578c8fe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AXCQUSO9\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AXCQUSO9\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TMVJ6Q90\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J2RTNHG\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TMVJ6Q90\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J2RTNHG\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J2RTNHG\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6F2EKMT\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J2RTNHG\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6F2EKMT\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6F2EKMT\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AXCQUSO9\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bfa7b255b0420333257f9146630ad85a
SHA1 02e3cca69dff8261480dfa02bdc4e844c8179595
SHA256 6ec7cfb93c34a5dafb4a820278b90ff90cdbcdcbd386de524417bdafd12400c3
SHA512 efa7dfc731bb9b7f59177f0aacffc4eaa44cef2bd179667ee546a3844eb86915edef6c1c96861f3843e23e144c1f4cfe529bb5bb633b9f12848c5d494ae4f798

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 c67479822ade203fa5197673c4d664c0
SHA1 9fe3a465bdb4b9be2dbe60d13b974ea1440d2945
SHA256 f5041212ad3e66cd5f8e5430d7d02b1a4cccd673c65dc7b733d25465a939a05c
SHA512 603648d22a58ad53d0059cfef79b79db18625ddf8644848a0adbf8d76c6e4de40af4234c32372ae78ce922d7db358ea5e74d46f1155dc07a1ecece868451e275

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AXCQUSO9\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J2RTNHG\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YXUUZY50.cookie

MD5 e46751347150a3c8c6e29a10c9e3d6f4
SHA1 93cc82ebea03e09b9e6c913fbf977a80908fc441
SHA256 e6cc35380ca090d400d48baefd389cb64834e06bb7949d69e59cf7eab0fbf454
SHA512 ff4873168c25de3e97c2f2d07119ea10bfcdd2e0cd6462c770811ca6fd49e6a35549c472a771a61455db5ac87eccfbb9df3c206cf4bf7e6d88980d2b36fa5071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_3540_CFWVETDRVTUXYCER

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 abd9adeab17c11f21e1a28ba84e7b5cc
SHA1 d9de76d19965ced1df39448847e47fdd70023068
SHA256 0a91b8dc3f5fb3e6b2614645f08f8b396dd02ada9e859a7ecf392ae08e4b7700
SHA512 d283fe169c57d42e004e2e0b3ff6539b1126e2bb1d063140cf5308be57d436ab6fbf5b49c69124607352be5dcc3b31857c3bae20d2e16eae0a58f23995af7887

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b67b12a81bf4292088fbc67321185198
SHA1 a1601d00a609bc18ca9d95be2fa1987afeb1f553
SHA256 49b91d42c1fa316bcbc57bad0384ed052713633af1c80cc70471023f50bd0025
SHA512 27d7c866437e6313c6246b4ebd72f1801b268a4cf55de376c1e2b46ba4d40e1371e2ede4039b8a30fb274ab71772e046b8fce0d1c93fa549d0db20f588056ce5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

MD5 a35e16ff0a26ecf0ef3a59b8c720e023
SHA1 3fc58aaa472f0a9cab9110c4764acbe342e981ef
SHA256 c4b92a66e62d0ff58407ebcb468b418b236311309098f9c5a99a9f19de7205f7
SHA512 909f45f5e62055c7ff7a7b3f4595f07a7e8f24a67f03dfc5a8692c49562e1a8b76039831d2654cc1aa4b885709bb7c9e1fcc494b9c98a35c4357f769dda27481

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\32963f46-71cf-405d-88dc-c762c42f6316

MD5 d13ecb1499a2f0d22e98190dbf0e075b
SHA1 86e4d8a641bea626f4e710959e67ffa5721b6350
SHA256 c35ef66d0243178f19b9db3a36041358d05e7060f04bd9ac86caa6d46d121238
SHA512 c0ebbcd9819b54aa44dc5bf399636232086ee7637fb4cff289854e994b0869301b1bbd4a9ce82ac65b1f3d9e0fb7cd33d0577895fc60e412dc9f96adb8580a38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\133ce124-2972-4c49-afbf-a84fc106a7a7

MD5 ab339a87e8c66c90848939e6f23d38b1
SHA1 0ee0dc53fe1e39ef69aaa1b012f324bec7c3d19d
SHA256 32e668d27fb6aea3ba658303e6f61c2c5a52eceece84665f881fc45aaf10d965
SHA512 42afefa5dbef44c2b4b4493e1a84c3f30fb6514c3cdc910188ca72e3c594d173561f480ebaa0ca7604aa61bb34f7c338a750c425d097b52c30353ab1b22b10b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 81ce148c8f39402740775c9b2a11fd01
SHA1 7db05d4ffc3c90a6c3cdf85876bbb7e47275430e
SHA256 9162f15d49bcc6c2d8b2b2e36652ab9d7bff481d6b9ffda7c5b82382c77b8830
SHA512 d412d32acab4dc7b1837fc491c31d5addb947763162db67b1042ff973eb625e1e7a1d01b597fa6eb3285b4f64d37821bc8a0acd35c4e1ef9ccccb84aed135697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 e577b4317a548516f707d54f9a4d6763
SHA1 2bcf280ac48cf50bf56df705bf323256cfb87968
SHA256 409c7847f8510331e2361b642b4852a04826180ed2e1926e620dedf512d198f5
SHA512 a9a84913cedb0188c7e64c467d9efbd3df89976e7a3cb3b47b11ca6eb5589f1d43bbffa987f76c95b6a1425979ee63a03572f372f5e68e3b1cc938c977fd3cd4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 22f48b6dd602aec4864146bf4828ae62
SHA1 56f8cd404807842b768c3023b9b63c794954416a
SHA256 f027a2f70491793288f21bac553413f9d9db51d3aa23eceffe1fea693063c4a3
SHA512 e9c0b0996cadf7247b30e29dcdb0c16e1f7b8957c35999bf7100eff5d17ca6c2b09337cebd60ff7bb9d9ec83ccc2ad87bb940acba351289666ce1123195b713e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 70cc8a7256dcfa7403062cfb0dd9df9b
SHA1 c9d8a365494bdeb3273f0d0fe280219017354bdb
SHA256 6dee0c5808d9e13586901adc73b0c3e47e00cac1fd24c05c484938bce073a143
SHA512 a53244ab18184a9931acc150b98572516514e9772afebdb6a95116d2fefebb4e033db63d5cd6285ed5e2f7b4803bd6a43f7078b456e833cc2a45e8e4fce79043

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 15a466482c3eb17004ffa16683e98af7
SHA1 e82b5b0253e7fb4d91803bfb4966530973b289a1
SHA256 6320f7ef11db02ebcca0d01f8d0424e31754243146f4d25cbb0948d73b37efe2
SHA512 2bd4fcc86977a37035b29d1a3648fc7e246602b7fe45e082c1c0054af2d14bf84cf7bf1d4044913ec49615810a53f3a535af168b0fcd826ace8f33733e02257f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 8d6082d706c14972ae216be2c285d6d9
SHA1 3fa48d162730d86730f487913f4076aa94495289
SHA256 a98cf146cc9ac0ce623558bec9500d9abe180e2ec414d9e7ce5c9a96a28ce09c
SHA512 9f622e6e24b7d8d1f618efebbc707430ca12870f6395c91af80538c7b67bb3b7a656b3f84e4eeef8aabbc54eef2616c31be379c0e06eb76c74b2fdb8be41895d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0724184728d6cfca7953d36e815bd786
SHA1 3b6979e2f861a0bed0067de524b7785357cb7eb0
SHA256 c7dc53826f5ff9cc3c0ca157cf11fcda161521ed5612844f569f7d1b8ccc79d6
SHA512 25acdc8b79d48d304291bd68197a900b54c70582956f3cb653e22bb099fd28f18f4a66db00c078b13372aa7817bb08abb2d02e3c60a57fab98243c6433148c32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a04c1349dfda2ef033f1dd02473b6ea8
SHA1 aafaf2666b45f1a01f1d67dea033387fbb89aed1
SHA256 10428130bbcdd2f2cd591c7eb2c3ec0505206cf544987434097b926a73ba4dec
SHA512 ce4786e9388f23bd33087a157bf769339d2005ee5ece9e7647ce42ab417f5ab51944d1027a75c4bd069e291d440a5d71573e06319fb335107b3cea194cc77a5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 53155f501761a767b5a3062977e9c3e4
SHA1 9322fa1cadad21c5b6bd47a687063dfd258fd154
SHA256 52471be38c2e0d6377a446038fd3531c4a39c9e9ef22814918b80a0196e465ab
SHA512 a3d88538258282d4ea0d81d4c78420699315a1c79a74a13987fc16ff8fd347b7a70bec2b4c604ebfa9510cc453c83d9baeb9cba861fc191f23fe037206e0d6ef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\146\{1f21bfc1-91fc-4ed1-994d-94dbd6a8b892}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\idb\560052517yCt7-%iCt7-%r8e1sfpdo.sqlite

MD5 f55a0ab3253aed7f0fe0281854d98d31
SHA1 dfb5410c9269252cf9c65f6f0d45e9bb2d582f27
SHA256 b08462ce753b10c1d4c6c941c9eb2061685741fc933b6b4c71bbe8c789d5bb92
SHA512 9ed5798509d699064305b862115c61f76416d2ba2be3f11977f3040f79a911d3c6aa58d8e43f39c69c1381d667c809da6ed38e8bb2fbdb4f45c6b908bb0408fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\0A248B55FBEB4E921B6AB26B9359B3AFAF773D09

MD5 9f42e0edcd86aea10fed8962184ea83e
SHA1 9554ca25083c65a279b84ba56acdf39a40d65d90
SHA256 2c4dbd160031b0e6b909a7ab771bc79d28c89a8313c4fcb59df5707cdbef1341
SHA512 895ecc601c728fefa071bd1ee4439478f7079c373e81ebc22a67f4c34b9ed917a9bcd3f8a5e8c6d1988110d4286a617dbd616f1f9ec6208e32006c5cac86dde4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\B27E1CE4B53FAAF033B5213B7DB90C5F18BC6548

MD5 ccb85eb224123efc2c5e332a850d451c
SHA1 5ef8c327990622fddb884073d1acd3c1c2bcf590
SHA256 d63e7dc673b37fc34222268c0244e7bc92e857955ca66e67c15c6455c4f00c75
SHA512 6b85b23dac784145107076e63f85021aab1badffd4fec8aa4956cea9648979526577e1b57231ead6bc89a47f896de2e2111d0ad93788314fa67929dade159636

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e6211d472670662714f891d7541031b8
SHA1 9bd804055738b5fd64d7df5f122b2472ac674919
SHA256 74b30cec96b05270788e108967dc5e0a69ab728cf36f90397347856a7be247e7
SHA512 75620b1f65ebdaba6c15f3b90ee0d793f0adc71e01d8e50398a59abd7e0f58602883a9ed69d942240db94fd006411d655305e4aa7ab73ccc0791302c74fed6d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ffbd.TMP

MD5 05b6719ad52bf65e497f6eeb4f025bb9
SHA1 4df1f520edb37879d103723014ea9ddcbf17017e
SHA256 8625a7d5c5e385e48c0b6e23fff2b490bb8a831ec2131fb535604f30897a59fc
SHA512 3f93e2f6bdcf9ec937bd7648a43b83751aaa7b9fb8c517da596cbdbbdcfc0efd7783cfaa3121b400020eb5dd865aa32b1860713ed1a4323ace0ad78f443271d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a55e3dd0e16604292d3d1fa1a1c0c683
SHA1 e1cfc468d341c5442b68dc978f56bed7b042f41e
SHA256 545cab19f363c18f46a4179ebe910789eabfbb189ab8089077d8fb17e27d0af3
SHA512 4b31da97a48da60962b8e587b02412f1b72e029748d625a00474e6edf1202fcb59790fc95b550d3b72713d0a1b66c1f381a42d7c8ebd1a80fa40050f4ae2daa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 2e0cbb1498c7d2d819f51b3ff29b35d3
SHA1 a90dfd757f45de2f7bd9617343b7ce1d6814afeb
SHA256 316aaec218de746e77b3eea510406f142e5b08c6f1ff6c0acd2fb6807550cac2
SHA512 b5f4b578cd9fafdc9c192552ef2852820657d365f31a3bfe703f6041674587c2d8c8c6e52d21cc53187ab600e3416e5082a017624f876e5238c9538afd994dba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 da51eb6eb68b624971192fb931818dac
SHA1 cebbc5ab02a6ba5d41f41c1bf86a1d035b96538d
SHA256 99d7d3641cf95a0a3a8112aba73446b18b4fde9b7770c5372441693761907af8
SHA512 fb450f7b6d639ec9c53528c70b7a0b4e10eeffcf93e4f5c92e70a245f6b546dd8043aebef932929f0fe87480bc8e9da7fb42dd3d373f60ceffcc0bba5dd4a8fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 139f9213218afb09758cc612b64c4b32
SHA1 468d7caaf9c4d75e3462a23ab8894a1c9245dcb1
SHA256 07e0f9c59997ba7e625b4699780b1b458821b57b12bb434c09860be316fc6ba0
SHA512 9b9853cdc2f0d3b3fe4ff382ee2ca77ffb225e03508c6db75448a45204d9037a34ac118572cefc2748b764406d9a085c5ca09fb8dd72b36fd51cabf69f011981

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\57\{400a5954-4ca7-4cc7-9165-7e04a4765e39}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\90\{678be0f0-ec65-4210-b642-9f203762e45a}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 66c2caa8c0f14add25771476774ab7ed
SHA1 0ebaae6e39fde322f5ae7a5f3ad3dbb786ff56fe
SHA256 8b1556714bb20bca5dacd62044320b6fbd8a2f84f2d165c87635dcbf95b43f5d
SHA512 8aa2d3fa73e0ce342de80a93b042a391bfbd859a6f1d5c114b81efdac6fe4417bb58e690c4c4cf1db5671493b449b16757bdc0d3e26321fed7bab7020c7e0822

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 73c9a11e6112dcb1cdcf1315b2bf2439
SHA1 406843d4c65422e8bf6bd32df3e882471c16a2d5
SHA256 256d92a47c20b3090136397570e631f6f1d8ef534ffc008592243e883bfa057a
SHA512 b74023ac9ed6ab416dd36d2248dbac6b62b51775730e9bdfc75feccfa1255fdea47365dc98a9501b751da2d56a25f5e0c488e33aedfb307c70fffdc936c62a3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 58e31b655d3065f11b2373533ba56ff4
SHA1 24811741d0026079de25ff29e663d830dc089c72
SHA256 1794fe2676c9b1127fb1b2d6feb011ab843726140f6e50ca78561f030c79d33a
SHA512 203b4402d852a56601702e789aafb7113b09f304c5ac08e937024d6272a84638a5c022f890e9510351857436fa925f494d04aee1c75784d6f347798f95192ff7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584e2b.TMP

MD5 813f00712b9f9b3dfcdc86efdd95dbd4
SHA1 2113e669a066eab7898a5040969c92385a46690c
SHA256 bdcf7f15f663768253e926d68f63044900e439f28a785dfd28bd0abf25269974
SHA512 11e5f83cebdc0ef033dd80ec258862d2f2b1586e685f313cfd99ad27bcec31f5780b0a8b93ce22b5a28232f59334af1d9963b405aface64e1ffed6446aebdadd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6979cf4bee5a62718b17f186cb3ab9ae
SHA1 be461229639a473c59d6f70e6df0b2ff6f951ec8
SHA256 94c12de1345286617c071db1fc25c1bb62b8d41b5230116f449742e34452a00c
SHA512 aba1082df3c50ccb7d1040b390b2dbbf5baa4cce6b8516f60413808bf0a44e9907f39bcd6478662eb12135473f57d2e05985f7abbc42476d755d9da88d3ac51c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 239c9906cf6cf44640975590e712f0ea
SHA1 57e9d661ae96e57a9636cb49e56a40496aac1492
SHA256 9ef580a26922349f38ea18575e59bf224dbe023485bf5ee3628c17e8104e3e33
SHA512 405ee3e45a748f27100c88984f626b632e8bc4c543117410ab8e3eb43f69f5b8dc432eecc5e41f463061d15d758d6f2a14bbde1c7943c3ccce8eec7c3b9ebe2e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ONVKUD1D\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 bad7796c6058b689555cbd3a082b1c46
SHA1 5632c6bb2db15b4863c726ba5e68c08547450bd0
SHA256 569127a5a92e95a421696fa3a2d0c5b5296c18d382d3d17cc11e3795a89d0e88
SHA512 5c72f7461d402fdfc35c71fa18c4dee012a39406f45f31f2cfbc85f1f68229ce9b1f73343ef14644dd9bc02c1653c29e9297c5c9fae91a4b14e863767bceb2d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 8764376b0de9e306969cd7f7bf97bef7
SHA1 718f1aad693b8a75fde901550218e8e02fe91453
SHA256 3c379ee28af8d71bce6297c151707c424770b900a4a4da2bff941acd1042bf85
SHA512 1d5ff693f33c55c1a72feff842c2391bd6265607f483f7d772093477123e26ac970626c454baa9022a02242f18448ee96cceec93a8bce79b3c14254f00f71e5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 59bbf9423d97604ba682736a69f8aed8
SHA1 2feae273efa2848fd93ff77750c47443839d7ef5
SHA256 5806aad23b1d73af3584ad289abe3819d879a0d45b23dc962d9d01725e7abbf6
SHA512 6a9bc811b7526d5e7a156db1b1bea377308097f518e48c89d10960467746e524bc8f24818045d6d7368a99bc62b0dbe33ea5e35a84630c5dc4b582ad439870b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d6d61dee5031a378a4d14951947c2b91
SHA1 a67cc35e39d2b0898f18c3bbb49530fe4723a322
SHA256 5ebcc93088265da207ddfdef136c576895ecfcb194b07a2cf9cf57a22379ec38
SHA512 36c75869cf1da3ed821119360bdc8e35e390c8109e56dd9d8a2c9ec4e84ed5be09f12dbb7a36607e405d9da371d2176ad73d18c0f91707207c3f4c8ad50f29a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 422691cb55b660660e6e443446f03f06
SHA1 eb03e981c8141d59755e69802271a3770f1a4e83
SHA256 4044a285b8c2afc7daa82588cb832719df01e486adf9ce7b545a26aac4824b92
SHA512 195d8648084ea2b2f51713e6e24869cf7fdbc14b344aa70b6fd9e35ab94939d6c771de12f940c512adee584fefbb35bda4450b8d3490806724c3b89b06b8b7e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a457520fb2bfb8f120241f3dbcfbfce5
SHA1 09111d3142f0cc11ef86032f8363a33088ae9057
SHA256 80188d9b514e9856e49768ed5ff0474006c894d3d33d51d22b031c8acfb78e2d
SHA512 d71b88cce4c1b02d7acf06f2f83fb850d6e40129118e535c021b1fe0c9dbae29ad036e1618aa1d3a27eae997e82e98bed631a1374f02eaff9ee0cba2ee08254b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6922a2a59b90690e1b2d27ba2a4eab3f
SHA1 baec84f27297e57eb58c83fd3b6b22d55b0b941b
SHA256 9414baeafc12b7da5cef17068f36cf8f2587a50f14395513354622fef5cc84ea
SHA512 ea4e7c3c866b8bfa91e835467a9025228a3250a53fe46206436f7aefe40de840cea0e2e2a2857d1a829e4ddff281ed1b9422da918f3c86784486f0d08bb309c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 716da2a0e666bde1bc356becffab6ed0
SHA1 416eb3e4e45e06ab97af4aafbfc1b2cceef24787
SHA256 054d4fad81f3b792f3f8aa9189536ac0996ac14ae817c1265161af43f6da1781
SHA512 a3871fb8dc3b26070ec6d59cc3114f0634e3e51e47fd41100d330aa4bf0e7be7a9b0e9bd315f8cda9de809babfbc3c4a17c72f6fd3fc221c70ea2d3eff40b0ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e56eea36f2ab60f4bbb47c9a860a447
SHA1 f348beda07461625c80318608e544a0e9910364b
SHA256 023795747a52ce4aaf7b946826d8a95b62901327d2958a8fb942eff7415cff72
SHA512 d89a7fe6b00d968980396c8f2ffaeedab8448c1cd63301ae5895cd026665e534827069c517be4f60483d5c3f336b6f96f5f494dea6a35407a983dac336cfc8d8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6883a0bacc9ca99563c7924d0ee4c0e9
SHA1 7bf5d231a1ae6f29ce89ba4c4e04d1e5ff0f0c92
SHA256 46a85a42ae83282b8afeffc1e091ad67b714adf4771ed0269ea61748dfd51cba
SHA512 dae49c66c3b025ac2c84a08c7ba53e0ffb2c69bdefaada1478a5301cc0ed8c81e24e6125c9d10b58867b74e2279b630e38caebf5923d62187ea03e6b97beb565

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6563ce008e073dca9f86b9a116465ea5
SHA1 3a4699a7efe1bb94886a2376ce3cf36cfc8b8813
SHA256 d733a96b79314b29a6e08d4c20c848593ad2ab05e5844fa0f396675bcf2d6db0
SHA512 08c8ecc68521f5f8de8d0078f1a5634e3e8499f3b4ad27306ebbeb1bb5afe2e24c7a6135386ff9c324796703266e962780010060c0db705d7329caf82039a3f0