Malware Analysis Report

2024-11-16 15:49

Sample ID 240212-fsq9eaeg45
Target f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5
SHA256 f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5
Tags google phishing
Score 10/10

Analysis Overview

Threat Level: Known bad

The file f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 05:08

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 05:08

Reported

2024-02-12 05:13

Platform

win7-20231215-en

Max time kernel

47s

Max time network

303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a98d3e072202f47a44efe2dae73759188878689c9dee42b9feb6e06de3c73f3c000000000e8000000002000020000000a66e197abdd874befc4170ccc9c37888ceb93dd3a116a2a27a79d6ce49899afc90000000c7357b5a81325291f99bcdacd8c5696a4fd698c339e0de7fdace3ae634cb854954f3ea83c672166101a5192ac97422d9fddecf912b3b428cdc4015d329029f98987681bda1059393d8b8704e187f5eb6c7620f490b4712ae09c864979be03c814d2090f57bf2044e8c426294e7f265caae18422bba10b13248ada4f156ca35205705f68ced9450d1d1b9c1e80749e6414000000042d3f0476d4ce8caea10324ba4b859611bad82a90134e33689b33e66511c8840926b2c919c0b5950ad50dd38e5181f57f1ac2b45f7f7457da5c80f571cb3caa1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5330D91-C964-11EE-9AF4-C2500A176F17} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C52BE971-C964-11EE-9AF4-C2500A176F17} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ed8fd7754e0afbc413f2931970267ea912e59d84ce47f9557c12163dedaacfb3000000000e80000000020000200000009cd5ac9a3c97f01a2b71bb75257817d8d2de7f7318972b8a4c2f0f45fa060de7200000005b2de5781844a54c9c69428735a5318e84bfdcfc2dcdd055734978d21fe4387b40000000bacbdf3ed40367371c267ef1dc2857490d3725a3ef7059d021f2f3a995408e8374e99637f9a6473b83b34a735a12ae2c5cf42c5ccddcecff43c43b86b9be2b54 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2532 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2532 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2532 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2532 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2208 wrote to memory of 1632 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 2728 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1588 wrote to memory of 2672 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2292 wrote to memory of 608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2532 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2532 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2432 wrote to memory of 664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2532 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2532 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1364 wrote to memory of 932 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1588 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.0.1438662703\864652829" -parentBuildID 20221007134813 -prefsHandle 1180 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6036b15a-7b9d-497e-a4d3-2042c72e716a} 932 "\\.\pipe\gecko-crash-server-pipe.932" 1324 fed1b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.1.815362498\2092761622" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db8b98e6-0e20-4f89-b44f-6db82bd22bd9} 932 "\\.\pipe\gecko-crash-server-pipe.932" 1532 f1ebe58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1200,i,510242335129542990,6813053115539980843,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1312,i,10464203129650916992,5242537393351452687,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.2.956573235\1194814710" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2608 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6507aafa-ad32-484f-8dd8-ee2e0e9bcbfc} 932 "\\.\pipe\gecko-crash-server-pipe.932" 2576 198efc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2076 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1200,i,510242335129542990,6813053115539980843,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2068 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2680 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1312,i,10464203129650916992,5242537393351452687,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2432 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.3.828086260\221476606" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22578b18-19a3-4c60-bf68-a0f74cf14d31} 932 "\\.\pipe\gecko-crash-server-pipe.932" 2764 e2fc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3464 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3028 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.4.456642917\1256524432" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3680 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81b33f2e-fd07-4ec9-8c8c-80feec720551} 932 "\\.\pipe\gecko-crash-server-pipe.932" 3700 1eb9f058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.5.1245928037\600403905" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a9a6a3c-2196-4b47-82ca-84c13a98bcc2} 932 "\\.\pipe\gecko-crash-server-pipe.932" 3716 e5de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.7.1734550242\59104438" -childID 6 -isForBrowser -prefsHandle 4292 -prefMapHandle 4296 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c4d6600-4bf8-4aea-811a-81b2def04e08} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4280 1f894658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.8.318457937\515991326" -childID 7 -isForBrowser -prefsHandle 4440 -prefMapHandle 4444 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da4a571e-dba2-4c54-a606-670f05dbdd3f} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4428 1f894958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.6.1287705684\1862060434" -childID 5 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd126ca3-d4b6-4107-9b31-f2691de1f9da} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4136 19c13658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.10.481658043\311696768" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4692 -prefMapHandle 4352 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48195a02-e8ac-489a-b333-a003b3f185c7} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4704 21024758 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.9.373344096\406508986" -parentBuildID 20221007134813 -prefsHandle 4472 -prefMapHandle 4480 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fbbf562-f6bb-48da-ae15-8dc6966d0c85} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4264 1e271358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="932.11.227303750\2068609405" -childID 8 -isForBrowser -prefsHandle 4916 -prefMapHandle 4964 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98bc246-b91c-4893-be1f-84cb9400fe1f} 932 "\\.\pipe\gecko-crash-server-pipe.932" 4984 1e7f1258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4152 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1360 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1372,i,3818137113845811382,11195802176920568746,131072 /prefetch:8

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 05cc3c3ad62e7ad0dc0dd9b89065b8e5
SHA1 0eafbb2df80074553e32f893883940568b1aa498
SHA256 53a8762cd284fc361df78baac47cdaae2a91db419c429c35028c51e2f0d7bc58
SHA512 92f998ac108dbbcfcdfb6f8b3defc6d0035c9a4906ccc0d7c11c06e1b4b351c93503427491bfb38314dba63da0468e7c6f8c4553d73e9928bee873e2bc8202b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\975da9e6-f4c8-4fbe-b712-d4964fd9d039

MD5 5a1da05f9c6e66ce9802111b33d4c177
SHA1 efcbf5657925b732998bc569692cb009bbbf7165
SHA256 d3050421e5ab081ba745c520996b9e1cd1e94ae6dfe9cd99e78e0ad67d2d96ec
SHA512 25b6335cfe90d5dc82048e731ac1502f767b5b48dcfeda5389a0b47b8d0fdf9b7dd65c5adaa568a89d4883b86cd04a4695121eb4615ecfe95a52203861678449

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

MD5 623b9d5a529dcfecf792da09737a76f9
SHA1 556519cd4f8d048a08693375efec41fb11466ef0
SHA256 6eb59ee933aa3303439aa1b5379aeee0b178c768f9eddbd26c8add93c8f0e8a6
SHA512 2f5990158bf3528fc355f404fab9a604d7aa73bbc3d8c198a5e2b59ca6b232805274e8d0e674b62508974d4ec93efa9bd9ba03f09f156ab9b04a08191bf74736

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\3074e37d-5c80-405b-a496-fff15f9322d6

MD5 46e8b14b5269235c6dc3879d3f21c0b7
SHA1 ff4a8fad9f6aee525f601d6a0ef59ba0450e64d0
SHA256 a58f5460e7b6f29b5c633118346251c55aad06c3f60d51a2bfe458907b70dfa5
SHA512 7b2606ca760ef731f7d5a3cf11c458709c2ce83cd8fb66cc54de4de1e3020f79e32a1648c43406b187487bcdb3ca474b01fe58ec49d6a33c9d6edff470328524

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 53386342fa86ad9903b6ea4b5936d292
SHA1 b437e3574b9911a99fba9d33d6d9e29e28694936
SHA256 16453dc79955f1b759e856437d0ba3c7a3bb3bc84c04dad911b2333a196e1705
SHA512 713719df933f6b84540298faa4b9ac808fa10d6ba81cb9cb79e994b31fa1509025bb345f472956368f83263bb9418951f28790b6a4815bf56902571ade5c0929

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e31c5bd0c813b4adc07fa2716b0ef9ec
SHA1 60eb2f19bd700dcc32a66eba17d39cccc7489d11
SHA256 556fa5384d3398ea0c34bf3978dae863c1bbce6bf1d8769eb9103237181208c7
SHA512 7b9da8221395a00eec90189fe2ace6f358ec61596d552477dbaf2d7f37615f602356b9b201ba3a8e70102704bf9fda09e6224fe9abfb9933732d0c208e27b9b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 b909a7889184e8ba24961775ec10d119
SHA1 5867c9c2a62e19c67db738ce74f9722f14e9fb8d
SHA256 98a5dc2b1d19f633be1d1fac2c1fbc45b8b6229b3e2da7c3008a5d972dee9cf4
SHA512 94c990edf9182209b45558198d504a15613b844d9617853a879afded674c69caae5ed795872feb8499ff4a50b25a658c63953fcf3f0a3ae2a168384e9e4025be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c24aa839dcfd6b2bc3daa38ba91467aa
SHA1 3b771e5a5c6c56e5c6d7c8a745e07fb788c09dc0
SHA256 64491ccba8302ca0c9cebaa91339deb8e6de31417452c9840a9fbcb374f0331f
SHA512 1541b33b558976de5a396ba9568f746f2af9884356aa050f83c0793f94fd5bf677df6c12685e312228655f269eef9d3af80202f0ee0513355c532db92af1c63f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 7a8c737c8fbd5a3e9d13a0ec31a031cb
SHA1 c30335cd372fa0eb7eab64ca1bc40581a232862b
SHA256 7c5bd24cd7dd7581dc5d8a2d7085b39dc65b624318cc8d5914161043606bcfb4
SHA512 83414ab9c9de028a2b807a6daad9b6bae0728b4ac345bbf1022c19409a93cd4e4949f4a94f5a14022e01be1d1ee1ad0cfa85ab7e7bdb746acf58e1101f694f9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{8dab52cb-49ea-40dd-99c7-38bbebfedc94}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\idb\2649343995yCt7-%iCt7-%r5e5sdp6o.sqlite

MD5 2c8e921b3b64798b5fe81edfc32e612a
SHA1 b08b6fa6a68256f49c043bf2a07c2efa4554be3c
SHA256 d607ea6d5394bfb1c709f0f12b4a3c509ab2804f585636b8ac6d9d331ef846c0
SHA512 c1db16140a727772f29b9dbab582a7a7bf7e14b856ea23a8c37b3251797e1ce349a7041a37d709c9340aa47779776b57baff2f6112521c1ea005c62ea1384ed3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ceab630396d29d843a57331c5c608676
SHA1 25f37b6127e6747ab86305b29048cd92759cc260
SHA256 61195bdad1bcb0259630596e17e426daceed158571dd2b44d198233998e30514
SHA512 f6fe5fbb119154bc9d26cd27cf2b283bc2ffb65cbef9526f83700b8a5333452c54041bd8f8766e41750837f5dc1894714db4b623d40224c8d5db71938319a47a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a913cffd071fd2e9fe32c8ba30c3f3fb
SHA1 b2acb1f63ee8eca575d3a505806896980195f264
SHA256 c835c1f4ec7899fb7ed2f724b499351b00d064b5670245dfd61bba33f4aa7aa5
SHA512 91785d0e0406c11c902ff9f85a0bd4c4fdeb8798e7ab5c6ae59ea31d8b88a325ea61e6c89b1ee4c53fe70a97fa7d5f43d07dca2bfd4378a2b285dd023121ecf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf774885.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e2cde838332b4e83ec03f00337d20c87
SHA1 e8e2a52ad334c3451f2f4d6b604e9f1751ef76d0
SHA256 a7dc1a62be0d07d7fe110b29f35a9716775fbc06738b4f34a229c3eaa85cfce6
SHA512 470ef42c36a1e22a0b5a9c0632306d8d309aa47d1731f4c1fe5eb607b26734947363a22767ffc58aa9568ed1ee294e1d43e15f896ab2735328ee17f0d8e59ede

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 f6184bafee4be4e0179664a6696289bd
SHA1 5132c2d40587621f20faedd954aba04db32dacec
SHA256 c2c037e92cce291e16693a597a77733b8e2121a02b4394ea9326654d1d76a83f
SHA512 d1fdf95816dae49ff7178f68f92c3e94aec5b6d0e96f300f1763262674e888b4b83950f051471cd41c7974d4c7100e9439be13ddc057a0605da86f88c3f68d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 8dba1030059c0a051491a85bccad695e
SHA1 1c19373c7dc5c388b26884b9146095e44070bea9
SHA256 5de42bda76cb9cc03487866621cb78532ca595b367489a8f9b392ed0812f0ddf
SHA512 26ed74980321134cfe68c3eec3232d3f01b162d5f1b074ce669a966b453c5885775015cd41a6a89fed9179c67ac9dd644c6b263da0231bdcb61a5708632f60f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 ad5cb636129e6e71cb3a2e1f78120a2c
SHA1 04dc46169008835f7255079cd74b03ee5585b8c6
SHA256 b0417704e5113da505ef6f8f42681097551c5cbfd3e18b884b069f3ed0919e70
SHA512 668e1a3b7f72e7844d5fde294a0fdc492612b34c5d23e4e7d120abc5352a4a80b050b0725bb4cd8259f0c9ee762d44b9f4e2e23eebb32af8e105e3d756432a60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e2e7ff4214c74a31fa7dfea980f8c5b2
SHA1 e1e4b01c1ea742faf5830fa22c64bf59c2313c35
SHA256 4a71f1b0d5a4291813b2ad5b7703ac4f1047f197ac0e906d920d1516f86e1727
SHA512 6234a0b6b15fc54ff179ffcd2f6844b1c048a91242d9acd8a61cfc73c446f071e87b794fbda577456bf1a02d863147d2d1d4e8f02795df89d6ac0f962fa438fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 4e6f74df4b7605eb39cc6ca3d37dd945
SHA1 ac96aed364afc6dd7a6ac4fdc85ff20f8f0abdef
SHA256 39518674239fd351f5e170b4216b1dfc0a19f83cd6f10c1a9d190be58560f2e9
SHA512 afa4f055566fd804c09e2d08347c6239c653300a0d69ca335f51eaadceca8ca7bf6295958effae661f4fa6324ce47773d1ac780d61d6c5a93ef8d7584f8e1ac3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 1e8b45a4bdd20c31ba78b1c8c05ab7d4
SHA1 75d08ec919dd2b881675423717947b5ec376947c
SHA256 96d8577a0ec2f459008a0ab4b9aa579201f06d291de1dba596368deaeabeeff0
SHA512 2bba4905d7363d7917b6590ac11eb2a270d6004bb3d2ff16c0b85fe7c60546f0fc2e027eba9a77b2e532ca5c3dcf8bede2e60b6faf7f2cef654774d9d48aac36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 7a0bf2d47bf6e33141d2550059079b80
SHA1 5c996f7c08daba9030ae0e9d0f095e600d3aefb1
SHA256 e405be4ffcf6e871f8bd71f1a10d88864f6ffd9b312dd2faee4e51628acf01ad
SHA512 5a5a2f9adc1f618e392ce13cf6b4fa12e372c9599fdc8ab51b5046d39d98a26d67e49db9c9522b88e5c5e57d852d0360b0919490530354c064a163ab35da5be2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 12956ec56a156867a8696c863e1acb08
SHA1 499f97bfd8cbc29d903ea98fcddb14655f9c9d2a
SHA256 68feaca712a04aa73e4ebbade56429a5ba2e0a5d03fda0793f8821419cee51d0
SHA512 b51b9a4c8b236b13433ebc016df696b040dbd816534b9e938ea1ffd966676782c723624f025b9d80c132a9164f578a3254e95333479fb389bcc0152c7d399dc9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 739efcf5121055a3250353362eeed79b
SHA1 3f3a231cd754e84213881a4bb0a03bfa0b0508e4
SHA256 6aea75522a36957d199ec2d1b5cdf3996f08a84b941d4b5caeb0981c6275c221
SHA512 de1f1c7402a979f7550296cd1d14f70dec2d9c4591289acb091c1bd652b7a948f8a267de578c86b5e39c8b2508024b4ac70e19950fd4fea16635e102672bfe4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84a0661c8ebb412b639da4a5584505c9
SHA1 b3c51f1dad36103220596fad4b7a55e9d48a8009
SHA256 9b516f806bfea149c7f10a4543f63e78092382652f4c585bac82f593345ebf4f
SHA512 12108fdfcce858d1857742c1040247668f95d47b2edf512717c3006240eb06f7987ac90fbdf5cb8d07486c4809bda0231b15e95cad8cc463af3dbfbb7aa425ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 e2175cc2ba741482e8db4223ac827364
SHA1 2a400f429045f34db9f6136c4403592105ff0531
SHA256 0844dc81e0e09409c6d04c2b2c5c5198398d977630593a0150ad2a1fa442f8ab
SHA512 ffa838cca12287e132584832ab96af96bf086a4b35c31ba1e70bc4696cf4528b9819adc3b949c3dad77ac09a211e8d0cb867870019496b34b30f5139390d1fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 a7d020971edee484ea885fc4616e9b94
SHA1 8886c765643c22961bac6d7b2c3c8ecc81b06bb2
SHA256 b883ef00d35c211c6e80e81e27765a3a13cdc958461edb8c2c04841a8a6a44c5
SHA512 57532c64e20bd6e59771a201e5c35d821092813d6838b13752ea2f85fdcbe02cd22b2d318a4aa0f154e1490f89d6f7e5d20adf7211829c1e052fd5d7ffeb5972

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e65301b8bf3b32eccb6eebd6becc4857
SHA1 17dc4f8ce15cc76219531855f2a0cfb675fe0406
SHA256 5a0174b50a0f5c54f9a8bb3e7cdf9187f8ec9e8176fffe2189d2ffc27fbcc071
SHA512 e0683f5d261af750a0ac923a55934aba2d80beced66532e4547048d57658ffb0ac4e9b6db2850c86210ec5dff51853d21a3306206b7ae20165dbb716c2c74631

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fec74c521c030e887d72a5304185f50e
SHA1 801b197a92299c068ad59745129d1d64d31ca51c
SHA256 3ce42f56d10136101bea621ff08b6aca7410027acb447669ac624d37ff9d8d52
SHA512 cafd8bc6936a1fd83ef5a9c573f021d2a92d7cc014ed1ae94987a83561886b617d1617523ba6a2344f717f0d297d7d13c9a4872973d5d10fba6a8bfa06670704

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6e59128bdaf0d1654d0c3eb2024301b
SHA1 73a021aa95d27e962ada7685f31c6283447b250d
SHA256 f7bee347b27ff77777bd2b2adc90552bd5fcce293733b8ba576d9d075d08937a
SHA512 7407a8fbfeccf2f59c3ce8c9db6541f919ff69f1a0a1f52745eacee123b335a03c7a7d62d0877c04967a5a6aa0f66b6a2349de79bfd9581a0f2d7811ca7f808a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c4cb6708ee0c7d98d585574d256d42ce
SHA1 84d3b049b0e0700d5767b399f0ec62e2236290a1
SHA256 d7da2f3a63d397efe0dc85cfa6c979f1cf8fbbc574904e12ba8e72514ab476ee
SHA512 7d666dd7726be492b6a7c39c470a277f9a97e7ed79b31443c52c78231618c0e7b362419674ebd2d6cbf5d66b06f03890914f6affe62534476a89d90ce9d54fe1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e932c7dd89f7a6ee10f3cdb1f8594c46
SHA1 231fe0fd42dd498a91882138b764d8d5322ff986
SHA256 5658f82f9e9da9092686ea0654b9f84a1e94a855a7c1f8c305a5b5463c784356
SHA512 f3a44f7ae6d64d3cd5ecb8f87e1477d2516ade98aeca1759e93e1afc1962ba3a06c5add9270e621863ab0e0ebdd6edab8006748623e27393418eba2a3eb47a51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b915aaf0487667319c7851a9fecaa4a9
SHA1 2ae29926db0fa3c5ea65779e759d8fed77d1fb29
SHA256 d686f43ce81a288cce9a066cce1424229599fbfc1987a6220a05dcbf7f9f5810
SHA512 18224bd63a76b4346344d5a15e2b468860194c825ceb1eabb495042ac3a3d403070acc64cbda8fcdd137d21c8f2cdb9aef9591573ed33eb3363843dff11e1d8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36bbcb0111e0a03cf212d694a7cd5ddb
SHA1 4974171b2285799b8bd3b199e343a1046cb284ae
SHA256 95e516ffa7f08e0e6e3218f27f5aac77675d22130d5e7f3cbb5d94ef90ee5b9e
SHA512 f9edf96d9b7b400d909840a1af3579a7fbceacfd3b65a90794b2789001f35628180bb64c62876b479a03845342bc57ce70c92c02275685188a6a418b5882cb9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 aad85ab0c7f7122b0cd2973802ba9a90
SHA1 181d2111f1cac89b9632ab18423fd399000d7929
SHA256 a39b296267eb197375b2d63fd4bc1b6f6fa8edf1ca74abf8044c5202aeb52671
SHA512 8216f019bb1fc3ff56534732519fbce41d8df296fa7edbb119e48762354dd8a4a23089eccdd3f3c9d6a64986b52a86c9eb4d64ccfc6d7753b07f6152befc2215

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a86a761377a8b42b95b2efc487bab23c
SHA1 6d4281a648d6d6e424619ee613d9bb6c2f6f32d7
SHA256 72cb8d6993e77557732da53cf3e3c4c5222f90b8a2cff05ca9d7967fae0a600b
SHA512 5714c86127c982876d505598ed711122f74d1dcc8014a435cc50df0f031476dd6000ce39548395232c391b6fa47a5be93e4423477461935965d472c3275879ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12e429a2e8a4199fe0d0a205bb0010e4
SHA1 8366a8ae35262506e2481cfeb11ba16df0051fa6
SHA256 23ba08a4bd0ab7f932a059a16277cff4130eaafbd9f06bcb8791a9b10957fd3a
SHA512 60d797fc0116078161824be6446f68c5da63d4d18cc55c0a31bb24a1df4aa8ebf1043a0bde8990275e4cd10eeddacfbd2770278944ea4a952f3d78147bf32485

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bf42b1bf2aad5142ceae29787982676
SHA1 582b45713df92fb46cdcec6907418e1ed2add4c1
SHA256 463f652f0c6a26b7761c3ff15099008c64169a93af03e201d79edb224b128a90
SHA512 ba1a75da6b8fd1b9e1af96619efa4c36a828b530ff4e635970660df4b1c6cfc82a3b1a96004046fd22382902b19e21fb74716ba56168185c07fde3c714408c78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23ba47c6865ff7892d59c2b6f3774816
SHA1 05de7b38cd0240e3af779ccbe7a7b4a6254b4125
SHA256 8cde7af53d657da1eea49611c85549995600cc08707a481b7292dd20ecce0064
SHA512 264f8ca89ef11dcc5a8b0373b1eb65281a1a0074640498069e5a157175726057718ff935f870e8d22410394f22a9a628c1355c05d4749f7d06410cf10f378a6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 91186d7b80b154823a04296b7d29cff5
SHA1 97b64e942dd776482a8d3d606e789aec97b8a994
SHA256 dc37e15254ea1eba18fe31c65f5313238c99230b5446de7461ef25625c81d2fd
SHA512 a22944da65792aed0bf948ce2cc406a0c1b258c3d73baf98788425fb7e32cba74b4edd824ebcbfa184e41b5829b25471bdab7ea10d93e04c4015e185926b2337

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 306b53c5c2e2be2ce25e460d5a5b1acf
SHA1 10f79292825c7237bfbddb80ce058bf7fa0d5503
SHA256 4b15fef1140600ab543aa24e9071c91262f731039b4e2f201f8ba859b8ceb00a
SHA512 4bed312f0c2af5e23625f82a30bd7ce2e072de20cadf7cfe3981d57a6b8480d88a628eac33ee073033c826a2605594aad42a7e8a9941c4839904cb0d4e47c5e6

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 270018d4c532a6d4da8f9d7689ca9139
SHA1 6fab5c4e0aaca7f207e883cc0c62825f2ed1101d
SHA256 09b15da591b01cd0544c4a5cea12890d901660b7f9cf2b8b49a432e3001a59f3
SHA512 640b0f8a2dfc86e7cfac06e0a8e70db375459bc5ecf3b80c14d04d6745da582708e402eb610314c78c0fa2fbeff3071d0e3a3da5b2c810fb7a601d4fcbd22adb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 513ca899f0aa5777008e25128fe80cc5
SHA1 0da046ee5e963dfb4d3ebf2b6582ec4a509ae777
SHA256 3072b8e448e1225bebaa39ea2a2d9d70f864232e13b0418f7c030c79bf558a95
SHA512 053be1d01d319a65e9291f9db2954f828df92d21c684bc640311c240e1b3cf41c63192b7c8728fbab004e83a035b103f35668d60a83449c9754bafe427994243

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86edefd342dd3d5407a71d8439c89a5c
SHA1 f04374926124e7637f9ee74ded8bb8f0b2ab4e99
SHA256 1e124479015d54e60041c71afe4e652faa626a886ff0e90ddf50affc0e033f50
SHA512 e42bc917174ea7037779a805f37542c326e77f664a1042f9ee8625e214c3917a9dde24f301117b72024a4ef239932fd0f284c9d2b2ddd754d375c41e6a874c03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b84835b6-9be7-419a-ac35-6dc6353f05a2.tmp

MD5 ae7c4f155cd34b4d69a17ed1f8c918f5
SHA1 647bea1f44794bb717d6c8e3ba3ad1983507fecc
SHA256 be5782ee0b45f384cb150396fe716a4c349f55953cfeda6b4ee6cdab1630d327
SHA512 00090d3b97e77232b2b146a9db282fd8c200453b5fc3515d13fb8503524ab7b2c6accbab3a763260fcd021d31efca9bdf717495e84ff50fb9c8a77180b02ebcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87789dfe47c1b116751fd2ff024c8632
SHA1 f2a10cf978d2352b78028f65a849602cac5e113f
SHA256 8d9826fd21f48cfdced468ecfc94a202366cf0e9f2ed922b5b9c73d81eb2217a
SHA512 24004f10dbc034c299c388321f693db6c5922658968ce828c79fcae539f545bbec4a4f2b8c4470832f3eb0f7663e14cb908060ca4f8417a723d183fa02d99419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8c29d820d905ba1c630e20cd256b7809
SHA1 4ee7c50287260d2e3e15e0f7277e5ad3b85250eb
SHA256 dadec67249f867ecd10b123a97fdbf0958ae5ae5fc89dcd581f1c706d45b810b
SHA512 41bdf0e1458f2d5be3fae1407ef454e66e70dd50799d701a0401782984c6dbfec91a141f7f3be4cc7169a48e3e91bebb818f60aeb9f0b5dce6797ff5ecd158cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 99a2ff5993161e049a6c147558b71054
SHA1 764e3540d650357e94e0e4d93ffa946f50649dad
SHA256 8cdf5f51e5fd78e8f0037dda0bbbe5dc75c0615c4d04a565876558d15689fced
SHA512 d2939803e1721ef47d429e57515b7bb83cf9e1fa645f7928d29b6b82b677b00a9db356317b45ebe08268e4818a029b905eb778ad227ada084ccd616a45780596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab391b28199637f58925273b7e2f33cf
SHA1 11bc5837abef6118efa7c0a31d8e232c595ea1bf
SHA256 1f01d17bd41295882d1108f969c6713ef47e4a2e40ec9f098fb9f6eb8ee97643
SHA512 62384829b6e840034fbb0ee4ce623810f4ccd08f18039c5e2d4e76623f275a5d61ad2e225558ac8a483c516913277685194517fec0219158dbc1b68d22c70108

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d41f867e17635750d4f7537038629a0e
SHA1 acd22addbb0bccd39ff39b99ff06770cf030ecea
SHA256 ce08af028c06c29f298ba0e6569a0c7f6f250d28e16ee4770a0496b6dabd36fd
SHA512 0bb5b5b6205a8b5c2cdd7a988a2ce44eee3a4f3d9c0b20cf26be11971175282348685a0ef058615704261ce5a5502779580af9353643144f1064349352d030aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 435e03859eff29ebdeb736583e8f96a1
SHA1 0611a52b6a40e16b5154940626a90c8214a9bf15
SHA256 c434507fa5d1548f2b57960c39fe4f3f94d3ef595b18ab763ef7c3c58220c35a
SHA512 a3a6a94d8aa521ff1af862ccff8f7547218bfd67ed7c9539949c3dd928270dfe7bb49168232e9011d6df6dd919437fc897f78255241393c88be834e46a9d6945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6527dce6232c20a5439af0026b5ce758
SHA1 cc61a1253e02f429cbc3fd54ec50f1f194a51938
SHA256 30ea8d8db9de53134b12191fa40a92f2d5d9478336bc4945aad900823199936b
SHA512 52b38f60781f2a292ec75038b2781547221e9d3d6054e81a404d0bb5dd4a2cf91616c627a2f3ee1493a503be3384d71efab6f95083e4f9546667f9aaf337684f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 53e4cd6c10a6e450566b510dba41317c
SHA1 05b912c92c321a44ed31614e808462243794b0da
SHA256 88814551bcbd7a1da226195cb292e0a3f9d23ebd6b4cb52ba613b1af54e5d4c7
SHA512 d54ae733c00044f11afdd6ae961ba4922bbba2bd0317bf2cc4636a994aaa20aa7a54d0f2bd273961464eb6249ac91b7b24769db7a299de494b4393778143f2e6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 46fc5821642b8fea3e0ca4153336a7ea
SHA1 f140bc0c83c25c90c4628a920041422bded0093d
SHA256 6523a4a5e7190249d963a1e9ea2bb1aa96afa1de88e3bc068a3c3d6304d7081c
SHA512 2a1ca9fd9e7cf0497965c07cdbafe71de34a8ab6506c78972fa8602971c41906741050f552205942764a4b62a7b1d73e56f8941589406123c5fd4f84b6256e0d

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 05:08

Reported

2024-02-12 05:13

Platform

win10-20231215-en

Max time kernel

300s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521883226448820" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 010000007abb802754d4deeddcb5efe3778deb215a925cd4a8df0bd1c9e366536f13cb0582d02e1a3fb5829202b37920caff396eacdccfe956bd254ba3e3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ca32e2a4715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b421a18a715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e0ada3a0715dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1948 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1948 wrote to memory of 1116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1948 wrote to memory of 4140 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 220 wrote to memory of 5416 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5552 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5416 wrote to memory of 5560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5552 wrote to memory of 5544 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5612 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 220 wrote to memory of 5660 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5660 wrote to memory of 5760 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5764 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5764 wrote to memory of 5796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 220 wrote to memory of 5828 N/A C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe

"C:\Users\Admin\AppData\Local\Temp\f29d582954f0f8cf70d2717550c86a41c4ed80f21377ef848ce018e1277975a5.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa0e49758,0x7ffaa0e49768,0x7ffaa0e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffaa0e49758,0x7ffaa0e49768,0x7ffaa0e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa0e49758,0x7ffaa0e49768,0x7ffaa0e49778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.0.1962730007\1140321076" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db375d9-80c3-4235-a4ab-3bda4ddbedc0} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 1796 167ffc09c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.1.383876407\1465151033" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f895c66-663b-4a7b-8322-e1b206688d64} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 2184 167fe8e3558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.2.919080212\789680337" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2d75099-860d-4d6a-b3bf-9f7090da76cd} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 3036 16782d1ac58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.3.1530378601\1828580681" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5eb5518-ed0f-4b50-a474-284b80a8a873} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 3584 16783bfb058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1764,i,3798700919004380523,2719287658565434079,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1832,i,7658872928414672895,6768344650967091304,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3704 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3696 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1832,i,7658872928414672895,6768344650967091304,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1764,i,3798700919004380523,2719287658565434079,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4800 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4768 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.4.1888792219\487623678" -childID 3 -isForBrowser -prefsHandle 4564 -prefMapHandle 4552 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6dda7a-3cde-4914-bd95-6fc0a010fcb0} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 4336 16784fb9a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.6.1215681834\1306836677" -childID 5 -isForBrowser -prefsHandle 4820 -prefMapHandle 4808 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bca835d-a57f-4bb2-9f48-de4d9cde744a} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 4600 16784fbac58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.5.2046103786\482467309" -childID 4 -isForBrowser -prefsHandle 4708 -prefMapHandle 4712 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a1f6bf-0342-4ceb-bc37-224c41c454e3} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 4792 16784fb9d58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.7.1593140025\1337335552" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5188 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6a2f49f-b291-4f04-9228-fe5b7154d779} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5208 167856d2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.8.344581975\1502483753" -childID 7 -isForBrowser -prefsHandle 5224 -prefMapHandle 5220 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf584c78-e8b6-4aa8-9c99-a1de6cab62ef} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5240 167858c4558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.9.582487578\1243574971" -parentBuildID 20221007134813 -prefsHandle 5920 -prefMapHandle 5912 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2144f9de-b6d5-4ab9-8bfd-5e636de2112b} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5896 16784284258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.10.1145610530\94141402" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1567e757-3ccf-48ec-b626-5a4922f991f4} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 6036 16784284858 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5288 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.11.1568707016\1039281205" -childID 8 -isForBrowser -prefsHandle 4108 -prefMapHandle 2660 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57920220-6807-4159-b9a2-f0050da5bfa4} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 6240 16785699758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1884,i,5633217453419541203,8443068051961145965,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IM915LFN.cookie

MD5 90cbd6a0ee0a870010f433be92a27694
SHA1 e767b703ed9c600eb2d9a9775ba297b234005747
SHA256 6b3b10aabc87b8217462e9f6491c786dbfb997a712423ffc7ce150670e54a5c5
SHA512 c48136a18de1060a7c04ace5b9d4231dc4eceee00d3e29230645fe19fafd3dd9a9ffc9ba13b45bb6b79e0002b47ce934ecefb990a5b372a92879dee21e5980cf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F9FSM4IP\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F9FSM4IP\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSCUME5D\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9DQEB84P\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VUVZWCI\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSCUME5D\spf[1].js

MD5 f46c2d926d8f3366a9f85e6995d53a92
SHA1 4b019b5f749359e6253d742f388a63144b4a7a5f
SHA256 85dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA512 4eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9DQEB84P\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bfa7b255b0420333257f9146630ad85a
SHA1 02e3cca69dff8261480dfa02bdc4e844c8179595
SHA256 6ec7cfb93c34a5dafb4a820278b90ff90cdbcdcbd386de524417bdafd12400c3
SHA512 efa7dfc731bb9b7f59177f0aacffc4eaa44cef2bd179667ee546a3844eb86915edef6c1c96861f3843e23e144c1f4cfe529bb5bb633b9f12848c5d494ae4f798

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 d0a499e7c0f5479c0979807edbfc9cbd
SHA1 7402bfbd135fcbc114f16f24ba8284cf2a688bf9
SHA256 b0d6a992bb4bb0fc13767fc270ab66f78b43946e2324e6cc03f4d7b32ec1915c
SHA512 7b7b85c978d30def8a3b794815043c79de432eaf399caa10988a7a66c569323a28299d56ec8c827878021c14bd4d8420393be50a221fa93a4af67b6ef3ca56f6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSCUME5D\network[1].js

MD5 ad6aa3451e397522b056e0b8efb6cc27
SHA1 2b491439bddfd73418cde3ef59b309259c58928e
SHA256 b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA512 6c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9DQEB84P\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VUVZWCI\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F9FSM4IP\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VUVZWCI\rs=AGKMywEozAOwriJtjTEd03-Z9Xpf-qO2ng[1].css

MD5 e99e5a3e256b54e2f373739f7f5f2673
SHA1 f6274dfe4d1dc1cef65c834a38d24e4a3e83f215
SHA256 978e7e0b8358151be638b2f995d146730b31ec19b8ad4fbd485125826b327188
SHA512 6bfde89e84e7558f5b469a17bb54d8a72ab54ed1c834ea2f2ef532a4f16271d18071d4d5eeef05ecfc66e9c62abfc6179786492027384b26d1553ad602a1359e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9DQEB84P\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F9FSM4IP\desktop_polymer[1].js

MD5 4c7fc8a3cb0d48b179b42030a0e9d2ce
SHA1 82de1c200fe718d7744b56b883a87312931090bd
SHA256 2b55d87c47371611364fc85af1f4a8e7a967105dd794893eb5f29ad3a9bb5fdc
SHA512 a3a9b737ece44f51a5a01445fa69e6c18e338eeea6c6df3b92ee4b4e704e0ae65c9ae41c8d509a618aa99c93796d73bcf4e8a60c43e9934282b7778126d8f270

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 93e4fbe63a4869fbbee38926269d504d
SHA1 ea8fcaf353b2a31a608dcbf0dcc43f5ac19a383b
SHA256 e314bf24b0e2efe84515fbef64f19a59b9a8f08bb1d1b28c5d7c02f9702c38cd
SHA512 2e8f8b376baf538b2c5f808fa6719f0a6d1e803664ba040fc86d4dbe21e5cba2d71983ea9e65f75bcb33ac0f68f32ef8ae171b64d4457b7a0e9f4ec70263523e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSCUME5D\KFOmCnqEu92Fr1Me4A[1].woff2

MD5 ee26c64c3b9b936cc1636071584d1181
SHA1 8efbc8a10d568444120cc0adf001b2d74c3a2910
SHA256 d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368
SHA512 981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSCUME5D\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

MD5 8a62a215526d45866385d53ed7509ae8
SHA1 5f22bfd8ff7dab62ac11b76dee4ef04b419d59b5
SHA256 34ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d
SHA512 845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f

\??\pipe\crashpad_5552_OSAXAJNQEYPWJIPK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f8b0638f907ff5a89ee29e6b249bc973
SHA1 e1be092dcd757e799be6315aa66b2602c4fbe592
SHA256 53a91cc3377dfc42718cacd12e7a4e33cc98c258b3946460b80b53bf8506be26
SHA512 840f647d2bf6c2f1476804e0b951baf9024df2cb297bd5cde20816b66190cb22cf9373dc9e6731457405d7ad38d52e100a7c9899812cd8adbaf8ba757226b210

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

MD5 05797303ba41f0de90822e6c14ea6262
SHA1 c904ed8550a11f21f687e40760d26cb0c00c1d10
SHA256 e359329faee378049c0f05a645199a6be2c31cc2339cd3cf6e058d4fc5cc0846
SHA512 4c5ec46f384743e5f8eba10485e747e31fe9bf567a1dd0294ae7b79f4c99a17db4fe0c890339817879241155324e5217b1f58979042c5ca3eacebb58a3b7ad79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 c9a994ef58c295f0a0212db61068f308
SHA1 b98d4a1e9d33c4983ef93dab598e924f95ed7468
SHA256 45f886cf68ff0c9883ec72bb42991db874d48fffdaf100e26d821fa9e92bbba3
SHA512 e1f07b532a4cef206a27cfebd712d85ccb2ed47c49b6174466f129857e29f5d54796091e94dca417aacdf9fb9758e1d36cfb7d357ac00bdd1619e0e0fe8112ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 84a1e734aedf25753551b5f6de0c1e66
SHA1 a73aa7885db27cd0aff7ffb2ccba3d45112a7d69
SHA256 2ffe77174ce3d84ed8c8fb1f07827b13b0d91da317bb3331368a81cd033e034e
SHA512 5aa41a1610f2322e8da1fd8845462982592d17b72760855a3c85fc9b598a8d756ec6b6c20530af4001eb9b03487851ff33436b4ed80122eae3e4597ec869352a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\588e7dee-c5d4-43e6-9fbc-4f5d2b387975

MD5 0609a8743a7bd6bcc9923945b0648e08
SHA1 3b13ad53ea1d5adba2259a116c46412c70bb6993
SHA256 91aed22c3f56f9f2c29d3c2bdaa3210cba6c94811f784657f19d0ebb730c7733
SHA512 d0d096a9531c85a55287c03d34c62783e2ad1de4d9593a1eea769a0ba2df837a6190d4a539de4562b9a8067610f59c6d59e45b899290708783ca015f9667b4be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\a82237bc-e84e-4829-ba81-a5aeffa045df

MD5 30257d9fdf17128ededb225466ae5c28
SHA1 14dbcabc1b74fd57befa1faf65623e463c81ce00
SHA256 b9592d949295302520c82f7d70173e96cfe63c79b91388dae5dbb46cec8bf43d
SHA512 d5ce920e65aeadabf20c533ca58d6721ec115c9c772f65278d8939687fbe6b9643ce0f5a6e7b3328a1cc1545a4107dc2c4b77b4d2d49f5e2d287d594d4bd9dd9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\db\data.safe.bin

MD5 45715ea5346fac68d863cf193171fea9
SHA1 15951344167aba1ecf74ff9e30831d8f5baf9cd9
SHA256 ea58207cfe0bb01b6522cb875d78261741f263b8e675c8384ce25ce407c2d7df
SHA512 8fa2329e450c4a143d586280f2b9113f3f97d7935e6b781e2436168703be0ac231a9e27af965ac8b0e0e9099346be4704f6c2cf0bceeea966d7fffdd49a3e3b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

MD5 04f5bbb8f159db400c44a0852818c0b6
SHA1 fc5913e21de3e7ecaaac41ba0bc720882f3907e5
SHA256 e0caffee995a410346cffd6c65ea758e8e4cc7482d0614472b34a7e54a6fb69c
SHA512 d7884333b7fb21907d12abbec1c8b12fccce0fd8ee33fc32d1cf93550e133d5fdee036c4f35ceb43e74f0c6f498fb00fe380156065e72ff5450ba435cbc667cb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PVHOJ7OQ.cookie

MD5 675ee1ffd10c93f710df52188f4a593d
SHA1 d9d2371159d3e44aef7f754e56ca8357c5700404
SHA256 1168b5b439728ce8dfb567e5372e1b6598cc23e029503fb0961c4afd17a242dc
SHA512 9a46aef0160a77dfe981df3aa2b11755ed0c67d0b6a1e21399e18b6dd62cdf80f2228b165783150f7e42567e7c0043209c3e66224bca6d0b77a46574761d17d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 929d86679ac9a2204183060093802cf1
SHA1 b3983beb41e84dd168f96727a9a80472f149c8fe
SHA256 eafd9397dd3a2ec9340f9c4d5adf585a0e6c4205803c25046dc1115196277216
SHA512 54af5db137f1fc95390f63905859a7d8935f9573165f82fb84c9244094c0805ecaa7c3a55c87b6a67aff5d983953f79f2302dad6c58f3b3748ab1060850a4b52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs.js

MD5 3bedd2775ea7cf47b09e5abc86e68e48
SHA1 db00f1e7a4d7ffd9f4b972c855c583de1d83c3a8
SHA256 b0a3ec2726c1ef287972b3b18861293e0ecc659c5c692d974bc92a9cdd955db4
SHA512 68be9296175b446b35e29c372077da2a2f96e4407dacf6cb0f7e85077ea8227d73c9cc7b3fd800a08737a04535540f42f4cf14ec1fa75fc2329ee42d0e06bab0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dfc22495c090ebacea4d4bcc6b1b7ab6
SHA1 25e1f3490969e7b07599a4b08ac023c8faa3b87e
SHA256 8c63fdc11a4734445d9108592d8e5cd08edcdcae8bf5993328c45aaf15a87189
SHA512 238d86224d248a73ce8f1eb7f227ac3b20c93e1cfda29b1077f00c72639a84f77e60d1fc8bb6c7acd5904ffaac0af2e14161db2d9fe6ce5ed121d7550d70505b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3e5f14599191ec2b96e6319d4f21dc4
SHA1 686ed01c56f49d8f8d1d7388c5a1a693e1b14eeb
SHA256 e490dbfcfe6255f291dec2cc8082dc0d23a039ef9dc352e3a0905f5ae8c8fcab
SHA512 eef4bb091ecbfb8eb4382a8e4f9890160a39fa1dcb575e048084c09d711f5db9442aefd5ab50248cc838d32a729ba68f5dbe7d757e9b44989930e7df3ceb632d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9e7237d5ab37e30a6edae1b037aa288
SHA1 d6a13cf3583651f0e08d45de2a9141bccf8ec986
SHA256 1af727aa29b1b909faf8fe90b7568ce5831f4580f38f0f2a464458cc8d9896e4
SHA512 31d45c0aef79a236803f7215e930db76ea5ba69f369b31e362ecb95a7f6323925f1493429a6a4ab717d340c9b8bc9773a619e87ce7963de59ea921c4d1e6a1d4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6OMHFB77\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{b308387d-3d45-4536-aa27-86c8c48e072a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\storage\default\https+++www.youtube.com\idb\3550749352yCt7-%iCt7-%rfe2s8p1o.sqlite

MD5 1fe737cd3adbbe6f5613d9189c31e5f5
SHA1 e9c22aeb41371916fd2a64c8f57707557af33c5f
SHA256 1217068e66847b23d9a4b43a46351d3b280d62a278a72ff0caf736e6a599d36f
SHA512 0c172b5aa6e1084b061f8e1fc4fb16d97856ef2ec078fb14141d8c4cdeaffbdf75c8470016188bd6c73d06977f773f36ac92d44b7dc5f4ce5e8bebd4052c0fd6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 0c38564704871c517967a9ff704d1075
SHA1 164bae15605f7ad057e15bb64587368f3b94e04a
SHA256 bd0079fb8eccb3eab9f7b509ddaf4833d9944efcde3e1ec1dd572d709e084aef
SHA512 d41c29df4e47ce47644144625b75039c70d10caa32daf193df03b2ce43e365fa847d628909f419a146030efdee9cd017019805d9c7fdfc07d5c09bbb11a7a1d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a59cd2f8da5b166f91bea81d1a15ad71
SHA1 d649b5450b595818dba518be9ed1fcde275bcec3
SHA256 89b39868c2ad8ad8a5467e8c37bc9abffcab8620481e63a5788fdaf3d10b74d1
SHA512 3e19313970deca5e4ebe27225fcfde31564677aecb6298848abf17bc5fe9af21436e146c5270e4bbd74e3b159b8f29fee986d5287cfb287f13be390e3f914704

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583dcf.TMP

MD5 15aff463ef4ed9a25d96aab0ca56f241
SHA1 5874ff731c28c18b79628b1c8f32eb9b11cf10a7
SHA256 e46d87a8c26b9950f7e692cfa9a12833e6c1205ea3b6522b2cfdd742c6ae7700
SHA512 903b93d0abb0b946996b55a8b0349c0847332aa13a1bf8753036f2db21022b75f1e08e29ec6220aa47be4b8c2a0cef133d2c3125280ee06dfbd9c3b40c6a6e23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 61e05c431603dbf81d7a0e8924307b35
SHA1 c11ebe0fe51f4512e3b2493a96e8fd7584e1a971
SHA256 653fde2dd262fa37b934d2b30fba9e9e0e0f88c8a42d08f2b8b703700768ad48
SHA512 70dd06d091269ef83a417d749d0372ec6fc612797620ab9cf2a57a65e8524ba72b8d439c6b0f79a77c9ace756986474e420509914f32710ddf7512ac7b0c79c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5d2f8daff7c6596f261aa9008e3b7864
SHA1 b4c525a8f35c9f64a3eef58d6844fb58991b1f74
SHA256 1e35a941ae4ef99dfa505a4ea1b023a2508d062fe639337c3d3b4efff63fe900
SHA512 1a898f72c10ac6bac27f13ce4c11bedde308626947032a45d248304e73a8d4cc7bc1ebcc34a0cf5b4c36ead6a089d46521543e47b5f856dd6da5e51adf718fa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d807eb23fd81fb4a534a1b8b801a5a9f
SHA1 a653825a5895783dc4fdfab3b789eb8e67cbda88
SHA256 b87ea8d3528344e383b37eff814d73f3d5764a366b4d3e0942b9c54e7fb68987
SHA512 267807876c5ee7a6f5f6fc7bd0c91145f024535dc6d6db614fe425dd23414e18421e05a7abb6295bf5f546d2052f8f2170a2b30e3d74040ae25dad2fa8b7e81b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

MD5 7f66120e320ee971fb9dcd0d56eda807
SHA1 f005d4f5efa790cacaf94da776168c9d9b966bb3
SHA256 cea67375f4f9fef19af7b1de78c51d4e87e7654e72b74ab4d0132ac32dd3524f
SHA512 14e6b302cbe9679bfbb9676f5283dbf927b0064fd1b612a2a3a659b0b0b959a09eca1da0af621958f120b5e2aaf1bfc4687f21c36bae535ed2eec5265dd5e6cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 62b94c34bb16e07d10268c5ec37e2f34
SHA1 39a3e38415e076f5402f0b2b4274872fbb0ca1ea
SHA256 e6fa6fd229ac6f98eaaa6f4185695554596b9a6133ee28e248c9f1f83792bf42
SHA512 2d63af80c674b90ead464033062339b28f4d446187fb5a0fdfab47f7047328953f435730e88989c9ba76a8223f14b309e2b5732e03c633574cc1e8b39816618c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1db1dd9c52d6847fe4673c96ec323efc
SHA1 1d6cfc1736a6d6bddb00f5cd03588418d4b2bf7e
SHA256 b9441e2641d93d37ebb89e8737d4d821d285feedc8391f76258fef423e3a42f1
SHA512 8a91e2f6daab68fde1e478ddaa6ac64aeebba98a26e63afb2e98ab3ccef0c07dd1c7872195fd67c02b2a0c14f1ac0f75bbd77a349a030b4c2a488343cca58b2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ee3f4912c28b3692fb9ab5e69a6a5a7f
SHA1 a134ff0f61c9d5dd2af6a2fd2e7611bb611a4c23
SHA256 ace99839f31359a523b82769cf3b2ab8d5f50ed7a4e8e90f3e6ef8d9069dd085
SHA512 1c62cfffe0d873fdfe9cce5f76c9f228dbea21c5d3c515f74c3e14063647c576db9b7460a103ae5dafed53845ae61b8ba06bfe8c42729d37c5f17d9000928d50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588c6c.TMP

MD5 4a265b62eef8d2cd711a66e2ab059d29
SHA1 0a0510960c18ee5f0daf8460ffed6c5e299cec7d
SHA256 61e30d302227fa4111785c734c9c76fcaad65f08e40d35d6107cba4730775798
SHA512 a8755533b55deb8db8b75a85f8bfc38462999e31174c1109c1341143b2345da119720833fc2e30b53961ec66e193e914b2907d8d4b7a8d0babb2a04bda16dac6

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X14679LK\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\prefs-1.js

MD5 26f7662c2eec74ec7733edb47f4ab7d0
SHA1 0382fd3b3c10673b33335489cfb721a254673fec
SHA256 efc570ed54c5598057dee120bf9fe2ea23152192336601f6997a9a57a2333b95
SHA512 e627e2c231de6195406118adadaba045882f965d42710b8dd7429e0a462a9a75e72b04879b4e296422fbd3d7258a90c95bfeb0a61472c49896f718e1fffaa70a

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0c64aaca8e3f15b0de62eef94780a75b
SHA1 b3c65929f9f373760e68dba493eb890f1416fc34
SHA256 73713622b1ea1bbeade46e80518608493c37cd5c91901f90db44d96bf34645b1
SHA512 d4c1f46b9ee06574ef143c9835a6bba9047481c340acc2a5a565ecb18457186d83ec5d71d1220cf0b469c503a1c6f2ad828ea038c47aa19823cfaf8e74a941f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 4c23f95023297c39b852a64e9fad3562
SHA1 0edf665dcb9b19ddc2a1fee4d1a3034d99222bfb
SHA256 f33259b76c50d74763343f86f330d845be2feb26093c124bbf57b0c51f4a00f0
SHA512 6cfbfa8e30711f6a30f0b52cbe2f54892aa3e070d7121071af5db365cbb6f23034f3dcd191e69bbe7b391115cee5d632de985f639bb02eb50f8b60e201b0d40e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 faeaba7c31fa2b98af73bffd0acd22bb
SHA1 d599ba6a8274b7f2e8f226f7c3066e624cacd216
SHA256 1dc34ba7b4dbaed91f0780cfded8c1c350eafba2aaf78f0b966f20aeace86907
SHA512 8708dbce70e3c4cde2c56dfbdaa52525f06a28f114fffdbb901be5c085ea936a8af804433567da6c9a5d49fbe5f3d7793e1bddbcb984bf76321b78db72d743c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6307fd04dc547cab9349237ef4ac9390
SHA1 043337ac4c22825e760e7ab527643361d0bddfcb
SHA256 0cda92cb0cabbdf47deaf1a88bb55e795e32eefdd11d7be2fee0020aa0e877f4
SHA512 4c4bfc599b68409101e7e370c081d36e5deb868a7f621bf2b251b44552ac95aae426686d9f96557fc22c748ba89abd558f1d4e9de1e79d5d316f7a74a25cf697

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5034eedfd13cc79957c8a9127183fef9
SHA1 ee482d16eca52d3562de9c890c0a4c4f58808c28
SHA256 8db74a4acdd4ea2eaa8e19b1a749c0a2a78ab8470c7ddacb529f18e1fde8660e
SHA512 aaa30c16e6345aad2c263952f2d4df18c861a53f82a9731d5a1de690476f74558c52f9b9aa69def5f666f0f2ccc46ada08f1215ec66e1d490af1b82b9e442b90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8db4e87f2f3014cf6345f83c8d00c3f2
SHA1 2d1649d1956b98d435b829e73b63e2313950f796
SHA256 04e96b8dbbe6c77a596a5447475824dbcf87bb7b93592fd55b286582a272be82
SHA512 77d7d828352ecd4c0b2e24dfceda59a9dc454a117806af8dc2184004d74eb9fd21361e233ae63ee1887cd94f7e312d6b8dbc6e07a31819577b9701193b9c3a80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c10206e5eb323fa2540740866a681272
SHA1 514006c5989457b4c260a2cad7e3ceb9553813a0
SHA256 67293a840310c77351f1c77be6d223225ba17a31d680f06e67e3a0160238baf7
SHA512 19ce91c656da571e77dc46745b420c1d270dbfcf816aa4fdf66153d8f02d9e9f35ccce27378f36062fa1be4762fa03f57c3bce57f620a870b8fa89f98a1fddd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 265abe86a0f883af38adc82c2f378042
SHA1 3fc680ea0ab681b7f134b7956ed0f0973e464e00
SHA256 740daffa25293eb5f1590c5170ff3bcae31151304eb7cb5a47e28a1203d93c0b
SHA512 ea71aa6446a7574054265725b14bd32ec7137d418f6ffb2e6a2ca383a6529bbbe5a399fa0f045e8a7a5e31338acf0162e11c406fd96282ece20616e39747c562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 874106f7bb68d47b59e56b8ae3bd1fcb
SHA1 7dd7b6c84c56d51858ab6170d98036c08605ff7a
SHA256 5330e715e529b9261e787b7c02f917aee26b988446c7226d967b8026d2250657
SHA512 9aa1cc31db7cec34273bf59652a8f8110f44faae21569c58170b9a90a480b0df8b870e4e1a6808c8f83d8b98b7873c20dd2b8e42a36bd3d2921ce73efa79858d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b0e20a0e08ec9be3e1cbfd58a6cfb46
SHA1 592d80d836d43d366866f2aa65619545983b7413
SHA256 f448d6e300a460dde01584bf4fd199dc217b1c0ae0cc30effb584ac16840fe83
SHA512 96981c09f33b1031e19d6bfec5ba89746c4076fb1c20cef394b116d7e7e50e26fcef843423ea5de786b9504122992ec8f62a13b297a29643a969ed6c7e6a7715

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 17013b36b3addcd035c7354d6ffda635
SHA1 860c0185bda4cf8d7393fa4e2d7b319cd4172302
SHA256 8f2eaf2c91f611fd78db75e2fd8ce34b25afa6cb47895fdf8f3354b0652ea042
SHA512 c4da4e76da0f85471f7309d2d500d1f586d2701bfabbbd0a6a2e6e502301730be5ec99c29ed8bcc36aa99e39cc95500753fe37c8da5fb15c472876d86bfd0e59

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 0f9d1013888b45303f07c285825fbd19
SHA1 110607780498f5f94bcafd3624f78804a353284e
SHA256 0210f70f91a0142b8fbae86aed872d02221979f8f89c38ff94f7cf6ddce432b7
SHA512 97f90b88d1f0b288f3d774f65303efd983e003b02ce822e654255b2c807d25cc4b40aae30f8ec4b32f5c2dedfb8a38d2898ec94c27dbf0f1dd55d81bd7a8fade