Malware Analysis Report

2024-11-16 15:48

Sample ID 240213-fg8djsbf7y
Target bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3
SHA256 bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3

Threat Level: Known bad

The file bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-13 04:51

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-13 04:51

Reported

2024-02-13 04:56

Platform

win7-20231215-en

Max time kernel

69s

Max time network

272s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000000783e51bddd39080b34d896543a1affd57baeefd11313104890ade44a73716a8000000000e80000000020000200000002faaf37acf6eca11b0a99d706ee70200046a25d549eb4713e9e31e745c9b6e1f20000000a0392ee9202cbe02a46d50411acebbc132d3c6ad4e8e589228b6614f727c4ca9400000008c4b817fd47672233287c8a3e21182e47076e7bb680abb728ae0c61635314712604f11f99bd8bb0c72ccd427fd98bba822f809a33ac396b9897faa6eb7f83778 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A3D4071-CA2B-11EE-9905-C2500A176F17} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A3B0621-CA2B-11EE-9905-C2500A176F17} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3020 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3020 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3016 wrote to memory of 2840 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 2840 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 2840 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3016 wrote to memory of 2840 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2712 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2712 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2712 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2712 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 332 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1228 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 332 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 332 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 332 wrote to memory of 876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3020 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3020 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3020 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6359758,0x7fef6359768,0x7fef6359778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6359758,0x7fef6359768,0x7fef6359778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6359758,0x7fef6359768,0x7fef6359778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.0.365534802\1795551927" -parentBuildID 20221007134813 -prefsHandle 1256 -prefMapHandle 1248 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd2c874-2f43-4b86-a526-771cf981514d} 696 "\\.\pipe\gecko-crash-server-pipe.696" 1368 d6ea158 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1100,i,2793796534285943505,17256585584247809227,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 --field-trial-handle=1100,i,2793796534285943505,17256585584247809227,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.1.1141402510\313976643" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a14c754-5a2d-4275-a3e4-4dac245f317b} 696 "\\.\pipe\gecko-crash-server-pipe.696" 1548 42edf58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2632 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1292,i,8644100792771162985,1865754807007286803,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1292,i,8644100792771162985,1865754807007286803,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.2.1399177854\1607803378" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0faf4e4c-6a61-4c64-bf5f-3b9c233a6ab3} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2104 191c6e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3228 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3132 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.3.1458827640\645593653" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {646eea04-1832-4058-a82a-bd5caf3e46f4} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2904 1cf64d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3648 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.4.1560950355\654500643" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3740 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd001a4-8b1c-4251-bab6-40d67f13c388} 696 "\\.\pipe\gecko-crash-server-pipe.696" 3756 1ecc9158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.6.1378019694\238314100" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4dc9049-0b71-41ba-a125-27ad5913d805} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4052 2161f758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.5.990282639\1519560639" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3844 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83a290e4-76b1-4d6a-a37a-fe9a76ebb1a6} 696 "\\.\pipe\gecko-crash-server-pipe.696" 3952 201a6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.7.1080504488\1296366045" -childID 6 -isForBrowser -prefsHandle 4260 -prefMapHandle 4264 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31b2273d-a869-4d58-820b-d469871d22c6} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4248 21620358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.8.1030592529\787389386" -parentBuildID 20221007134813 -prefsHandle 4288 -prefMapHandle 4292 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eefd307-12aa-4acc-a741-7e9b57fdfac3} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4068 217f8b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.9.504834041\317983697" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4516 -prefMapHandle 4528 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {760ded9c-815f-412d-abff-4da193f17d8a} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4536 201a3e58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.10.413251661\456135184" -childID 7 -isForBrowser -prefsHandle 4688 -prefMapHandle 4692 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {347b76b4-c137-4899-89cd-1cb5c2333136} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4656 2239fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.11.176717162\357974651" -childID 8 -isForBrowser -prefsHandle 4784 -prefMapHandle 4788 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09b7147-b4dd-49ac-9787-0f08b97cfee1} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4772 2239ff58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1300 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4148 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.12.1331521633\773847597" -childID 9 -isForBrowser -prefsHandle 5232 -prefMapHandle 5180 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01cbfc82-acc5-42dc-b6d0-2ff8c4087a93} 696 "\\.\pipe\gecko-crash-server-pipe.696" 5184 20140258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 --field-trial-handle=1268,i,17334639335179480001,1320084430893295794,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA1 332f220dcc609b095f41e7e48f412ed2a5ccdd69
SHA256 0d9baa0157392f4f18e29a70bf845dd643b6c36f47c67c6284658d46748c8dac
SHA512 f0f93352264ab6e7ec30a95d651ad8989953243837065808b799347b0d31d91ad23120c30335b13c0233d899c17e8979ff8b901522d33f6eacd14511c4c96e3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\03a2181b-5fe9-4aa8-926f-1db2260a7317

MD5 240884e1ba5db80cf1e1d9a274d0d63d
SHA1 78a6007244b963814742b2e1f90f14300aaa200a
SHA256 1618e8f04af21bda3dc10defb891f273f09eb1836b8ddf80384ba28bbea8c697
SHA512 e06a67c5eaf760ec98f4f38ca0d9409616a595404b7a5b88cd772f84f0662ea3712631e2118458e316e20bc05d39f1cc60b3ba818dc2707ad2436725ea9569bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 d968529f2db1004a81b74455adacfb6e
SHA1 bb02d4d46ed882f656e5e393c6e704fa1eb25e93
SHA256 fe008ae7d2cebf9f4779fe865b946f352b9d8aa8bdc9f93d0c12717085ab9c25
SHA512 9b0fcedea3f3945f0d8c4b5f5d4167be34c616e69699642a97e0c6b7f39cc933332e2035cf8d6f6112684bbb93fc268e03e7dae1035dd06077b462ac949162a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 75a528804de84e1a33c3eb9c156122ca
SHA1 fc3ad52718b25ee94ac5ff9fb984f5ca3fa3d626
SHA256 cb2e7f82128f42f6128d84d62a31cb9102e918a098bf62a1149ebf755f61446b
SHA512 bdb5adcfdf1aded91bc7ef9453f793e4f54a9d1ad4bbbd06610834642eb50e50011b6c89113a65e973951192bc8a8b037be01e23f9e723a6e0dd49899cd91ccc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 214503c42e3d726fc6f2c7a2a0cec509
SHA1 026ad3dc9c4a26d5586d8ee20925a3c608090a43
SHA256 5ebe59dd27951d570c081eafacd38d729d52e9f10e4984526193bf8f3aa886e2
SHA512 04489c288ecdffd2d2cf411fb0402f5f9792157b6a2e225cf74cd39f8396d39607ad35ccc6f884e9429120ece5c016718bb05ff7c67b6413baf7778e878e8c68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76950f.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 64629e5bb11e51b18ff4bef8dede4e41
SHA1 f42017f3e9c7588d6ad8986b0342f6f61ae3d6cf
SHA256 8dbbedbd6f3a7acec2415db6f091f10d82c07ba7c1958b5201845db1bad26ced
SHA512 210643614ce567768137b60144c21cc8e0c3d890b5328d1bd73eb5cf6a512aed9e7c9b5103129cd4e82233b17481e139631643bf291aaef9fcb83a3294e80fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1228_1406505110\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\24\{2ba94dbd-6534-4e79-85fb-692e5c15d618}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\2366116558yCt7-%iCt7-%r0e1sap8o.sqlite

MD5 46d05a9495cefc9ec5f365f190f98b5b
SHA1 970c52023e0768e7116ff5390dd9c5693a4bbe11
SHA256 4638c0dda08344c847318a0ee40cbf20033f397b0c9025e2a49017b5d2d585ce
SHA512 9046289856041fa8a3899d7bf94c00812671f91ad56028e58e55fcb8fa452e6caa30919b276a66672515c19d890013f82c278b6ea134ca9f55c9fdf0e3604548

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c8a0389c9172709680c2448e3423c96e
SHA1 33eb8d9e9934d7997284c0689620c85d621507a9
SHA256 ecd1529d64ddba60a341ff7e2e9f113bd984182be3c674b6ff6f80b449cb6242
SHA512 2edeec553b7cd8518bc7ac688b4faa48f11ca29ca298e24675fb4ec7006d080e577958a2d2f82997efacaf17bff5413d1b6110305cecc3ddd071f5a6fe09c419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 cf7ac2fc93b747235a502467aef68c2f
SHA1 a5437cbd492ac3e1b8165091e9d14f9af9141418
SHA256 51a332b98d42e0b4597bd5b5efbe42fa87921e4a203703e6745686142404f6d1
SHA512 5014e422489eb69fe9f1f041e8b9c9b791fe35c7db001b7f3bf6fd2e6fddabeac3548c6a572981a7743b8401fe6d871f8bd1a11fdef3c7e3ab0ac18c2c92917b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 d8d10a086626df5d6049ede16d25fe84
SHA1 89cc160f713913847783e3033ad2c9c8b0ce790f
SHA256 8307a796dbb0ac1207a8ec849ea0e69ffb3615aabb3dc63620905805a05c71f6
SHA512 1c1c0cf7c35b88f3331d8ae0a9aa18202d7620472037178386ac7506ca79dfd4e11538bc200228ba42268ee230a8e03de32e01d62775c511bf386b5344371093

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 860c7d47cde3c2191e7c9d5d7d3a7275
SHA1 92454395e839fed1c7e8a4d393fffde68f49b1c9
SHA256 cd3e989d3b5b75aff8a12bc3f2eefb108de2f323966a72cda6b7a16df0575f01
SHA512 90b39874d883ec0a76d30afd27dcd0e02627d05e020b8a5c4ffc0442bbc4734384580facbdc32e56f8130e24ec14d70215292cde7e7241ebe9f53ce8abcdf519

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 121e09f8de05ab0634bfb765339faf29
SHA1 ea6de725bb0c1219318d90a622bc5faf17418cf2
SHA256 daa9299c688d53963dd146efda34770ec638b4bbcc5ff2784c66fbab8fdca0bb
SHA512 189110a0782563bfaab3ace330eaafb8475d22f1dd248a70b1125dbc47a12fe7f8d922b5c2622e70ca84d7c97eeac83181828ed36f152053ce7471cac9a6bedd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8c4f45df106f0fda2744d0a3944d85fa
SHA1 c72a21792ad2449c51b4aca52c47e3af16a417c1
SHA256 86b7604545e8b11301586ba06ac7aba38aac37e6d506f60cb74379defac90f5a
SHA512 32796d5dec68ad7cfd7f2432db5bbdc9fa7b323ae719424bf8e0464abc287e2c84149d1b68d263970c6376989493c51e11ad19901ba9b18c84fffbbef63234ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 2f4d7cfe807cb68fdaec8d8edc2f2295
SHA1 ceba3f8a5d6edd2111bec645a1611310b56a7776
SHA256 9f2b881656348bbe660d8e017d7f23a4ac63c70e51b8b8fb802d96448df5322f
SHA512 f2706d38743c958a8910563cc60e7d86443fcb6dc77fb44500c38d2a5480195bdb04d0115b78f20991a1bf2169d1d27b395e3ae76887879bf6924d45e516f9b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cdb0644a744e554120182f5bdcb2791d
SHA1 8da4e80db650e12a3a92cb33219a83e87eb376fb
SHA256 79c4665788b40e066c2c84fad4b6357a0cb36e958391cb8622df86caaf3c22c1
SHA512 da97b39aeb6096a6a161baceeb6d962d7aea09b17eefe4e0182d0cfd466632a85dce286eb49f6d3ff5702ad1150ad885d425543b26acf15f2f08dbeb248db9ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90c78f16-3154-4a41-819d-f0cc9c620d24.tmp

MD5 6575d7f4140fdf62c5c97bf70059b0d3
SHA1 639731a91b3bcbdeb048710ba5fbdb17108a496b
SHA256 0d1329564c9498877391e0c7449f3515a0886b83d406baa01627096403ea3c6a
SHA512 a2fa237898ec34e0f26ff75ebf5633bdc8f4a33bf7ae0e25cd93ad60cf190717191ea533d69ee91ad77f981dd349afe1354b07a9d427b99c94f9346ecb7a82ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfa4d57169ead67c71b23ce5dcd408bb
SHA1 398ef0b9864651353f5f73fe551bc8915e039206
SHA256 dcb247cb3aaa859f15ab98c95326cdcb753a16c5a562d8097233761d357f30c9
SHA512 bb15ca96a20302c0dfa13cabff7999da024f81fedc9100fc4aba5a5788e68c49587efa835c85f55dcae328860979a0fe504b880c416de7d2a7e2392d5aef9dd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 cedf88af9e196afc6c252f17a7fc72cd
SHA1 7b160c542c7547ee997f49256b1c06f51a73d184
SHA256 1accca868b8111acd6b2027b516fd5f4175030d89e459c0b54464ea5f29f171c
SHA512 01cbee0440a64bee05294146122654ef76a7276a9165c2048cb7a40cbaeb3d95002fd6b39906da0b3f205863e2621248218924e38fb8d14e157ca574808d4be5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fdcc382fa29f1652dc580c83cdf7ab0
SHA1 ae48220e1e07df61e5d474dab59d1a0ad75d80f7
SHA256 a4d990df300fdccc14f3b392c82f9b3ceb52a8981cde673f67f1f7c8ca716465
SHA512 3327546a6f4ebc24097a63bf4c2db058da7298727df01573bb37628ccc26b20659462a16aacf069ae85a1c65ad9f04b2fa03a0a603886d37ae80048c584630e1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5486deacd5052bf77adc416a7012055
SHA1 6a31e0bbe6a7dc6c628f0f30efc0119cd16d7daf
SHA256 4b3874d858414295be783d833bba3dae3087cc3012e9a075a2df614c5c883790
SHA512 1727d37716f286760ecda0463f4a3ea6004148ce3e986bad4b1ef31059b7f108272bbd43f77d96e40e208b96af3435e64869f39c36112564f9c088c0c53bb54d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 209e08f0d2dec9387a0f020a13b5946c
SHA1 20af7fa248c5c97493d52aefef62713576918be2
SHA256 16db522380c239ad56fe36bbfe6d7d75825587e644aef28791c7289110f2cae5
SHA512 f9200846817b79b258fdb6bb31bdc52f8c58c69e9d90b6af52528cc1d53e307ac06a9a2a7c05c90ee1b3986f78f7d2005bc3a12914af3fd351dbcd87c6412f45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c212492edb3b02c3252eb97d12041a89
SHA1 7b1eef723e438a0d2e001cbe3dfca05e96389116
SHA256 35646b08e5038a353ec7db30f09d377da42d5adc53eba25003cf011bd0026224
SHA512 8a168d7446039f1c8cc9a59aba2583371e983a61425b95a5c7805e280d6f017a7a8db31dff3b611877b47d91088ce001b6f8ba3fb5ceb18f32c9712030c53fa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 612f43e13d646534b372df13f2cf9890
SHA1 930ca51dd18462a609cf423e8ceeb84ab5e0dbea
SHA256 20edd0ed3405bff21469565b82ff72b24e810d31a2e9329908aaff99e1e01cb6
SHA512 1703aa2b7ad84e84b9cebbec65cd9daa61b8dde78d04a81d765b3692e634459a66bb02a6d88e129ba2d27f0d5107db1285f2e6ca6486708827d3b98fa7b25452

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48e283400bebfb5dd4112263c8c3b9e7
SHA1 993e0462301fb3f236906ba27e324639bdd32050
SHA256 41ed0ae51409f164211ea847e31dc4e7fb3b84b7c669191e18f22ecc3b73b011
SHA512 3544102e2a7d19a77afbafa0362216a1dceef2079007d255fa2cf1dc77c9ae4450f4a68105be798d2c338289aed7beb59a755d23a02e314332a3ab3d2f9d7375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb1a88ee1e6fffce084a8459408e9dc5
SHA1 89e3f4b1f2f8c1b915f9b73bf9cf450a117be9f7
SHA256 cfab48e31e367ad46b351f575e53fd6454f874f0397430bf756b2a6bfea64135
SHA512 880675fcfe49b52cf96ff976aa008d2fcb672bff7e5a60d92be4be68b8440fe14cbdddca4b6918429e2a4eee1efd14b03b8b2c3e6b58b820cebef0fa8595c9b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 483297055d11de33272144403e7a463e
SHA1 7296c32ded6185a957251ed9cf5b538d5bc573bb
SHA256 3d1cf505613a2d20fc5396c0803c2be98cdf6ee91f47cd8608dc4a1b14a4a604
SHA512 b3e8d6ae8b59c9859784f4a85fa35ad6e9244a19efabe329bb371ad3e2d765293374679d829f54678526d7fc56524262bfc917459fbe7432b10982fe0d2074dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fae9227015474ea2420742de1b84909e
SHA1 38cb70663e2220d8d866774f068e7d0e71e38e07
SHA256 37b62c30c9699a5f7b6a3c85cfe069b8fe7ea742abb4780d3c3fa9572eaef8e7
SHA512 23f22dbda34b77b622e57440c231409b051619df5eaaa55e1b5a1f7fc1d76803180d9bbbb7cc5ee12ce04c7dddad60f6d97470b1db7eaa04292db66303e1ec20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 fbec006ca41d93165032aace6d97de82
SHA1 0560af58be1627598245d42904f6ebe0bbabc88b
SHA256 46573318a96f15c56ba65a5bd254b4544eec8f38bd5503c362682e6fce0cac5c
SHA512 44d87996ffc4144961a4415f6499506d4983be3c2de8219679bd2c315cfd23116a5f5d9ca1ec801cb9a9dc4c90da973c45e09742d6f553abb7e3900f596e77ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bee33c1df99baf8ec78ad22fbdf9a1f
SHA1 73aa2e64f60af7e78e847328f78929d4bc99744e
SHA256 f183587ea235fcea46f55cb609b21aca024d2fc6697afb9217e31ca096a07cf0
SHA512 d1dd8fb34c6b44ce30571b20a2ca14b288ffab67318f4972af2bfd8f8f0e5e60c3f1fa51f14561231c963c00b96f620f866574ac07849a512b0c870604bd71da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ce3abdbbb1c31c45215a08b0fd02b4c
SHA1 887c65410ba32a02f2729ac4ecbbf75665c0ff5c
SHA256 3d3617f8b12f6b13a29d384d63c3a6e45744c004163681d2a4182cac8a05a875
SHA512 79a0aba03ed193f726da2b3bd8f6d3a8c9fce6f84e1476f4878c9e6cd69e7caec847f192f7e213213fdb94864de55f8eac43532b9f9368932a3dd438bb6cafa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 c2a64761fe5a01eabda222732b4a29ed
SHA1 ec1ac80bfbf57c1a0b31bd0f369c0bc7692c3b70
SHA256 dc6da7c88d3f91a27e167ebe73d7d010cd5f858a4ff1b5e8c81566b2ad5fe9f3
SHA512 a9943d56652fb72c109b42d99dfcfdac75797451a5c97073fe8192b454020282eccdf884c16bf52dca66fe649154aa6e78c80b4ecccf127a83426b90c36f204b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 98e675bcab9e643abff464c66888b40a
SHA1 1354348028399c3798d5a3f9bc33516518e238f9
SHA256 59945e0b3d40d110fda404066b4e9825f9e459be0bc9085dfeae8bffbc99628b
SHA512 4dfd2fe8289b2488e1617f5f0c43af6b233f51c43742bfd419e4fefdb5925608b4788df184639ecbd577b418551d8756187126e4ffc50065eacf81175dc6ceff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5aaf008356a2cd19b7d3504d8e6524ec
SHA1 01e7c5cff2b6f94edff76ffe2a94bc19484bbe17
SHA256 659fc562adde54587ead754928df520a423662000a71d3726d58299c1fada317
SHA512 157177bb9bb45d2158264667daf6170dfd697b8abf69531c473c19bdad38f72fc87b072f6a56c16d7dc88ff65f0621d51f6eb89f8e5a51faedba1b03cbac76c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c62f9a6c0cdc128b59c9a0762286968e
SHA1 57d936d58eecda6b0881eccb64496954688aa55f
SHA256 ed640fe27e4862dbbef7adc5f85867b0839e7d2067c1521309ade3021485f702
SHA512 f0498cdcd4fc6351111f83694fd29ea49c7c7855b801a539989807f71ca906684be32c73e4c944c4b2d2cb9d9770430e81ecee5c622f1e9d98fbae29ed5bb480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9a6693b5a09ef6153595e3acbacc207d
SHA1 42ad0a78047a9c5e903539736c3db37593902fc3
SHA256 90fa532e2c092751b5fc3502cf705d458cba2d93d1ec86a9b487f89bbb6503bb
SHA512 0da77715d8c47cfc825c900b27db51aadc52bf12b36cc0792d11a4233eaa3657c04256f48bdaf7093c96c24caa8e37ceabdd0e11820ac052f33704f8ac57f82f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c7b91c2e5ae67e593b910bef883bffbc
SHA1 52cd0f8e23d8cdc22a3a1e24ff75642541129465
SHA256 4fcea2ba19eccfda524f919dbdd3b561f1c0c6763e4a5a6ea048ee55cd6b6e53
SHA512 264c55152cedd3bbfe40193d0e58b7a0b68afe63e1bc177dd60f65a0c6650277bb515fb75ed224f1dedb62068b07d1011f6f3efbcd5a2b20aac9e777be1d487d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2ed5c735d2735d552327220bacd7e743
SHA1 1e608755e90555a3a73b32a565ec730129ce7869
SHA256 6d0c4a5b98507ce2fa01575f4ef48d1369005167046325dd88f0c0612563553a
SHA512 f7a3df3f239735b742e188510e6b36886888319517caeed89f37a21f3a557fb32a75b68ddc0f6b3a16edcc00a305db93008d652d1f17bd5a988a35b62bb57178

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7a5a7f.TMP

MD5 24d50b9e034d82b60d75790f5fc060fc
SHA1 6d8c2acb370eeae8dea4778bae31a5e8f5e124ff
SHA256 77a9988bc2711ab6b05aad029328ffd68453534362bf11be11fbd8b35a3c62b8
SHA512 54e96d6feaa1190b2b11d0c627ccf55081459e6570ec9db7d20f2406ed66cb0cffb15e2dba0b1d93dbaff9985a2c02bd0c26c9d6f36ac7675d50dce23b5fc2cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-13 04:51

Reported

2024-02-13 04:56

Platform

win10-20231220-en

Max time kernel

299s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522737207464679" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 929a2c5f385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f5be715f385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 27dcb479385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 395e0865385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 41c7bb67385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 40141cad6479da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = d0da7c74385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6a32a65f385eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3948 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 4800 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 4800 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 4800 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 4800 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 4800 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 3300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 6072 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1460 wrote to memory of 6072 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3008 wrote to memory of 5156 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5156 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5312 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5312 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5156 wrote to memory of 5324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5156 wrote to memory of 5324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5296 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 5296 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 5316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5312 wrote to memory of 5316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5288 wrote to memory of 5348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5288 wrote to memory of 5348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3008 wrote to memory of 5392 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 5392 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 5440 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 5440 N/A C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5440 wrote to memory of 5568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5440 wrote to memory of 5568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5440 wrote to memory of 5568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5440 wrote to memory of 5568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe

"C:\Users\Admin\AppData\Local\Temp\bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9f21f9758,0x7ff9f21f9768,0x7ff9f21f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9f21f9758,0x7ff9f21f9768,0x7ff9f21f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9f21f9758,0x7ff9f21f9768,0x7ff9f21f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.0.2122289611\1681707495" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af85f05b-8652-4034-9c39-08937a917621} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 1820 21c7ebd6458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.1.1145850161\9194445" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a117b0c6-f9cd-4439-a80c-776c0b25357c} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2180 21c6c5e5e58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1736,i,5277206976817669710,7161682851460944380,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1832,i,9428713031867957998,7026523389017493043,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2744 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.2.1989057145\832455999" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2756 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11bcd0b0-02c2-4808-a9e2-948eef38f2e2} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2760 21c7eb5d258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1832,i,9428713031867957998,7026523389017493043,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1736,i,5277206976817669710,7161682851460944380,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.3.2118019113\1395826923" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3088 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56300c80-1bd3-471b-ad9b-fd6f0ee43764} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 3128 21c02ba5e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3676 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3536 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.4.1248977040\292100677" -childID 3 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c9f2783-0c54-4f20-9287-7591c604c90b} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 3836 21c048ed858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4652 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4516 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.5.573537088\1780230690" -childID 4 -isForBrowser -prefsHandle 4620 -prefMapHandle 4628 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce7cf5e5-2258-4b1f-a906-4fd0163b613b} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 3244 21c04cb6758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.6.1338008874\557701089" -parentBuildID 20221007134813 -prefsHandle 5336 -prefMapHandle 5320 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e671a86-efc2-46d4-a785-aec31ed053cf} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5312 21c070c8e58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.7.922128610\561470394" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5364 -prefMapHandle 5312 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03abf220-d25c-426e-9c05-63f26f2de2e5} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5464 21c070c9a58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.8.1078504713\767502403" -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5700 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b98b5ea-a867-49fb-8c6e-51ac04408359} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5712 21c070cb858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.11.75472483\68050912" -childID 8 -isForBrowser -prefsHandle 5780 -prefMapHandle 5764 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0c717db-284d-4ad4-bbae-9e4ccff2df72} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 4784 21c03092f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.10.1081114663\39938609" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 1612 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd60c4a-66d5-41d9-9b2e-2132766b21d1} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 4352 21c01da8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.9.1354743094\463218102" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5784 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af428130-4103-40e7-ba0f-d7633f41adb2} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 6032 21c000bda58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4448 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1864,i,2059574106632254660,10655736834015258933,131072 /prefetch:8

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 3c0b6339934237451f7c3ce6697c7d29
SHA1 2ed880e09f9333ca3cf469ff077c9310aa245e49
SHA256 c23ee105ebf0e27956f6fd51d702424cfd2040783e3fe0359db9cdf3ecb20e71
SHA512 495bffdc853df76fef6e41c822dfc3b0ad11a12c8c509061230894b23523501b6d469077e6afa10c4ea1de44a13277445211d5ec2f5235b9f21b4e944ce2e5ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EYAS0B9S\desktop_polymer[1].js

MD5 fdb51e26a9e29571b30276bbf363991b
SHA1 ab294f1df607be2e4266be348a525da228b6b139
SHA256 63c4d5501e983eabe9afb5ca33b8277ac6526078221486341efe6aa81aeedcfa
SHA512 c13635733b590c93a0d8f29f1d1534feb38d82cec54e6f6cc1ac8cf2aaed52a7b5d3c811b4eed5534e3a68236756e8760d64a3632d129b334744917d4a3e756c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MNGIG31V\rs=AGKMywEOA3PGFoxTHdfIA46vv6M8Ohqlrw[1].css

MD5 0bbf1f6f5d261596655e658e2062fec1
SHA1 b7f635acacff60c45d90e6af91392eca91c4d952
SHA256 abe97e03d0cbfcd54297661c31de987d6af007804eb5c645a78fe2df628bb802
SHA512 aeaf388815836d6c0cf01dded3f52500aca981c45998509d6cfd8534d16aed0d5a7cfadfadbe745cfbc9748fe5062f6650aca6bdec5a0285e85e699a70581532

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EYAS0B9S\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EYAS0B9S\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MNGIG31V\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0BKUQW1M.cookie

MD5 12b3cd30196c3b5c74c66cb5f7b78412
SHA1 34c37fd0c350d53166c3d00f145446a4790dedf9
SHA256 f0dbb5a400a722a0095a48f3aba587b6946a3febf442e164e7f7607e8d2178be
SHA512 cf6b6d95f0e29ece764c33817e1e2f94cf452dd335b29f817f6a86327cf0d785d69975fbbecdb5e32120967cd640bd1c6096c587bd08bd6ab6fd5e2294d1d0ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_5288_MGVEZHWUOPOTPRMD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5a62713f-6517-4d78-8947-5bc279d4e313.tmp

MD5 ab6465110f70c0cec3d70cfb8a0c0b90
SHA1 3190d92b1a24e5b3a84e723dbfaa06739dceed92
SHA256 3e5e0acab7cf77b5c10f089e6f6370efd9dae93f20e65c955745e7761b8bcbfe
SHA512 199be780b0fc215e396bce882343628278cce0a7cb83957157769b30f8f8b4619d6fea1c13181b9dab96721fc49626a7fb766eca816cfaff28fe64394c3a519b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fcf7f585b474317a4c2b7aab6d3aaf3c
SHA1 cbef032b48d5662a5f9aadc7bc1608a8a8cdcc38
SHA256 f0aa6ddda5d87e5e22fcce628a367df26e3a3d718e68e3727fd55a404edcf7fd
SHA512 96b5de6c3b62483f82d242fd4d635e2fd54e7852438494bfca140f85d1058167234e6f737acff76bb7a798451cea808ecfb4706f4f471382971f261f6bd26ab8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\4be1cb28-f440-4bdb-885a-27ac2cb9fff1

MD5 662160ac9bb77b220326c2367543f613
SHA1 1e1e1d518f5318262c96265f2ea1c68385d70bae
SHA256 a6f097935c7ab65eb3366bf8dfaaaf61ceef1db6d895dedf1fff984a871d71b0
SHA512 25f64fccabb17267559a6855b7dac92f72ba61af962e67699874125e95b541650cea243a968c34c47ed1875e940ed0c023e005ed0452b79da55110cc3fbe191d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\2c803f90-fe6d-469a-a5d1-db87a2df04d2

MD5 8ad69ad0b73b5ba5336a571e0294ccc9
SHA1 7b76022c07d4a7d1a093e93e272ad6187c1f90b2
SHA256 4f932b87dc726fbd8981130b112b77d088f5140840e0f81ab7fc136c4c82cb54
SHA512 8b9402748653b28927ae4b0d23e8b3b1ac846b7800bbe764089b4fec7c5fb6d12b670840607921ed0e976dfc693fe18b7c7c3b055de0a7c950dfce876ffcd6d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

MD5 95418cd342990914dc6934208b435a25
SHA1 e5dc04045e60069d623907c72010da2767cbc145
SHA256 61b236f96c2092b0561b821e63fd26615c4cca7af18cd73cbe7f33411f1e1a17
SHA512 d4deb9966d5668a7ea969085f512f24f4560110dfba4878dc0e11d619c52e7412b46054ab36177a6e82b6710a6ae2fdc0cd1383d6731cddc4e74a1e4d16bc8b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 81ce148c8f39402740775c9b2a11fd01
SHA1 7db05d4ffc3c90a6c3cdf85876bbb7e47275430e
SHA256 9162f15d49bcc6c2d8b2b2e36652ab9d7bff481d6b9ffda7c5b82382c77b8830
SHA512 d412d32acab4dc7b1837fc491c31d5addb947763162db67b1042ff973eb625e1e7a1d01b597fa6eb3285b4f64d37821bc8a0acd35c4e1ef9ccccb84aed135697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

MD5 e3599c6aafd1f916b24afc654485816f
SHA1 7a8f7239e9806cb83f618bf404bf7f57d6b678e5
SHA256 b0104226467a53e6aebcf883c6f9e00058a77e00d40faf7864a0527909bfc6e1
SHA512 1a44433e4c8629143681726a3a8d07577c567ae3f0b458099edd8b880fa0e7eaccecbc2aca49cd1df7e4fc34d8c9a1c52d4721097aa2a0d8418a7488c91ad12e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4ab7300fab1befe3d685af3d7247e081
SHA1 9a4cbce26b02a03c07226a6e79733957b641de2f
SHA256 ec56a7d87a8a1c3f6a4e525a0da42af4fb3337dcae69e1be9132e7587dd5e8ec
SHA512 9d948bfe1d29c7d840a8049b7174970bddf5b90157232fe358543c5a338e5e836e8535cd6e1ca5199aaaea84a4a5dbf8810541ee47193c84a0fa9bfc598a6624

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\cache\morgue\97\{51fffdae-ed88-47a8-beae-abfc4915a861}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.youtube.com\idb\4290870080yCt7-%iCt7-%rdeas4p4o.sqlite

MD5 6461d33700586cb5a202059ba72ecd54
SHA1 c328c07724abc786ee06d1d90272a86a969893ed
SHA256 daf4f3d59de67633e098c4b8aaac8b1d4cab4c8861a53ee34d24d56c8d92fa1d
SHA512 8a9c1e2a049a7dc4110c5fcab472f32a831ed72e26c8d25c32cbe2af4349015025aab12eec8242bebe04ee06bbaf71669532b8475fd131064f9590440fd8e992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 81436e5315e5221cb5562fd4ae59791b
SHA1 ce7e38c568b89f878ed6b9c0186ccf37bc784e3a
SHA256 74c9c0213f0391f499600e1821954b45655f655c0889d5b1c75ee823c71dda6d
SHA512 0d348df207f16bbd9414926c0a122a4fac9224523d69dc3611cc60e41b0cedc5a092003be1d298fdbb3204f1a6af53291f833724b8ad04a1b29c4e14aa94095e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 ce3ce3ec249dcc09b9ee2bff92a2018e
SHA1 4cd1e8f23da11dc6ac22e3b2150886e911065a4e
SHA256 b76cb78fc9f23e750261aff5968bbebee210efc8dc98b5b0bf9d383cc1070e64
SHA512 fa858edfd14d4e2d6e7b45e6a6d3249666522290bd06e02c582f59914f01629d48546d9559c68221787b6c79dc120926378d3747cb9b9b8e709ca2e9f31c4d5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba1782b0626199aed62a4aef9d3c8081
SHA1 489ec66dfcde5e30e2e4ca6d312598d59c06258f
SHA256 b5eb50b1c424e0ab6d82866f83b5abda299c42abb497791df08be0a1af59efa4
SHA512 dd8f71393bf502ba3b48de601bf961b8037409d5cb5c1b935077a8a6f173954710c0ce7b09ac66cbb35604ae007e9908f966d1472ca274b34a88989ee73aba24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc533b999f1c2d03fa6f7dfa67f25980
SHA1 5ab2e60c85336829e8927ceaa792d0303502d424
SHA256 c13947ee79bcb002df90129d65f39bf6614745e03d26234ac83ee6f4e0484694
SHA512 9cce8b9001dd98fdc8ee8f841e56cf0fa0423c8b188344df49261cf612f341151b6ffc0ef064adc15aa0488bf08137754b2dc1589d5d4758be521c4613d8187e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5f7a74fdd9158c85adb94cbd242c5a33
SHA1 fe46b42ec4a98d9400137df1441428b80b619380
SHA256 b054b7449101866cf624e494471c58922172b7060704d42ee4a75d5782b4608c
SHA512 16c5472c7eda4b7df128cd481d2c23ff7540d9fd02fd59ab894e6bac7e0eca5aa0c53ba39d987143fbf5fb54bcb40a9052ceb192189ab177aca256b3e75c374d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580ee0.TMP

MD5 ff9b6ec65ee16ba207c1bca74abb2857
SHA1 fc87e62513051dcd236a24d1fcbcd60070bcb2b8
SHA256 ffc49cc62fde0a172df66590e1a5c3ea22e68be0d47bbe809fe4c41b7c8cf34d
SHA512 ede821a0e6d5f293382311e1e2ba2ed86c3c6965808a8273da93dab002380106ddd06a8efd633cd0c4a839f407dd2c8fb74f8478ec9ede9a2973a35035d3399a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9586cd869c0b9ef8445f01d625e4b84b
SHA1 a7329fd26d7f9a7f9cea2ecb48c137e85a85021e
SHA256 43976fa84f61cb8f3b34673114f40c8c38b855bfa5d939ec755a0218e4965104
SHA512 3bc97b244cb38518b638c355635fc5e51cb5a4fe370d5a038184e8d6a0e19c7b0c0e8619a52db066785ec906484c208fc628ef1df40549d5f2cd1c077a0b9e2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3c87d9256efeca738e4a3e5257e77401
SHA1 9bed1cde98b5bc4656508f0e11d8eea3ae765eb5
SHA256 11c6fddcdf9c28bf037bfede634e7fc6e23c4575243eeeb54f9d27a984f8d84e
SHA512 d21605533e027126e8a05108f352ad037d2df185beb0cb1ecedb56886e90efe2a4ccd12f9b35b4a519f16e2f362203aa0230429ef6710070043a6999f4751356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 22450d16f2e1dc609fd5919ca478066f
SHA1 54809abbaecb7de458dd8aab5a639f530e8b0393
SHA256 955bdfa357f27c2ac6afd2e4c29c27c267f6cfbdd345f56df782cb4fc1e70503
SHA512 0cb02cd61041fb15c47e121f951e8a0358b4e05cfe002942489535e38878a2afefa99ccc3414f1416669f7d2da14bb0c4722219347ece4b23662c4788b038b2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 0df9e59659b435a2b6eddbfecc8da92b
SHA1 02db4d80c24c0827c872efb58c4d2701fbf64047
SHA256 a40f7ecd24e4aad8f6b0a6957293122577666e50b3af39112bf71eed89f2e565
SHA512 71474b6d11a6a4e63d9e27eda77c4ee2500e5071a4bf3612549855dfc504e7a31b36b80e7a4d0f7917caadb3aebb2259d51d322ae94969e7f7a267476bf7e886

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 01da7e68272da5cb4135904a3f43105d
SHA1 800867cf515e87c32fbf28f960b1da8fcc20ba7d
SHA256 d17385b0dfa038b77e6a145a81fcde64d1555812beae01123b30b79490b34ee9
SHA512 2aa1edfc281f00ab2c7a1c2121531eb25d9890160830b6d4fd9f5fafad552b4e4fa422eb223d1f5103afde8256427ae4cac6a62fa3c6df6d3805613a475d659b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585d5d.TMP

MD5 c5f7f287237e15daaaa6df79f7c3ab0d
SHA1 6c86a3b089b0ac9a4318190d461ead9b16f2e8a4
SHA256 16c36b014aac277dd512908dfea96e2a5af7c8c9e6b9a6dbe412818c431ca6ec
SHA512 d794224d8ffebf3e60b66e671acacb4a5a3256550a09f39e08e95c97589a68855ba39724620784686751e32bcf3ef1abc1bb813630ca1c5c0153174e5566e050

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ea3987e6b4da831c82c5940b77dc44e8
SHA1 da83c4db36ea2b9e34f77807f2e0410068928185
SHA256 4151ad9b15804a86744ac6b3206b1a91f44c9b419fa9f6844c2effa7f899bde8
SHA512 76cfa7744428c9b2d39819ea4731708fd85be9edf9021ae747958bb75e9a4afc5b14cc9fb0a5adc46c51c14fe8fc908198e9ce547051eb4745dd7335fdec73b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 f2ee156cf3b97e550c28e97da4f09cfe
SHA1 17e7c1f1444aef328ee139bcb06b6efdae5ad96d
SHA256 a7f4ca2e01fcb2d66c7aef5a2196a0bf2a6cee1a40c5884b85b966d45e7f49a0
SHA512 800f9ff16817c0fb062983dec16191f55af2a635b3d5e1f7738348cb9bf5e4b0e4ff26de98bd60481a0bebadc5d823b0ecb999b71faea4a11fc547cba973be7e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\E974GTUP\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 b3311facfca2742792565b96f86c717d
SHA1 e5f198d2dcaf95db0c021283cf327a361870fd15
SHA256 4b48f33c8b77a42d3ce5132caf5ce369fe2a4eae6e525b1e04161c58e085e40e
SHA512 23af9187c90044df54f5f530488f304a950be46327230a997603b10a0c7368498891cd25036eb5b98b4dcd06598d1a2703c497cced3d4daed0a28545fa8eaa30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 3c3f7e6648030176216086890d097b2a
SHA1 1be8e482b6f6524a5d2e5431e0ebe2808f3f83f0
SHA256 a7247a2c6140c18b3aa177fe2f59fe9f5795b5abf82ecea1617285f4e4d42f78
SHA512 4994c6d2aaef0378fdf402a3665276a22aaaebe2d6bd036212d4d2b9ad4a123832f772bdaa2e2ef57811f020c1facf1ed88a3aad593ecfacc050f3456d11ac7b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 f314cac0042b3dad14b76f260036c14b
SHA1 b35ff3befb9ee864cbb911b76dc245ca6d17b8bf
SHA256 5251903fd6f461072cedf4dd0cdf15b36d18365b70d5640362e53c79d2896458
SHA512 08ba8834c24c48fe9ef6142efcc33f953ea55f1f54b7b698a670ae383131f5695f37d7a3b5000b7e09fe3229a81e8d9b5b69d8982c6d865980427f2b7eacdd1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0403fc4791bdf5d18c91b21c75f06e27
SHA1 9bf1989ba72441a1e4fc7bc9aefec402fda7de7a
SHA256 d9dd09c1438e3b1ab6860eb19953727e0786f163a451debd66ad57040942225c
SHA512 22fe487a111982521c02babd5664c44bc0b874377c8ec21906d1ab2372a796f7d08769b64ccf3092c038ce3b4ff4944aab53ce5c062a2c68a3dc57e560ca6853

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03efe6ddd3d46736744f99132febd661
SHA1 c9969e79ddb9dfccaf592d7c7976ab6d7910fd35
SHA256 e68f3feb56e7184162cba91320e29d4f56043e43c5cad74d3935736fdbefd40a
SHA512 40b91f405f0262d16691ff5f10ac7ba14f4d6a30ba9c5693fe6c4e16634fa3134a1c9f7c712cb853dde25092caa1523989e6abe9b5610a82cc64914b33ca7d26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c2542b745fc1da7797db35af8991fd6a
SHA1 6d9e0d1fa50486d773be44042a283b108aecec59
SHA256 9faf8022bf87dd3090044ff5fbe18574351feb18662f8ef837693bf0c778c568
SHA512 b90b3ea49443ad492fd29437559cc5e78534ae6071224610d6361be6d97fd877d6969602dbb5f344b2c140cbcd1261e406b1a7f0837e1c72b31e3425c379ef2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 278027700ecd0fd0cebe3d4997b2bbec
SHA1 d42f1a0c0d3ac1fa25482f31197ec582c6982480
SHA256 430b1d3f0b7f9298f233ada7b03943a89e1baf43c1a9d42f2dac195ee26e563f
SHA512 4431a4d1629f0a8e54180238c74a6ac7cbcaabfe015b4133ddf904d99e7e7cfece2afc05ae0b0f5096dee5faaead8c396cb023a61db7b3e95b4edd6c68cae629

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7b44b98b79ff9cf4a7c4129d2038809c
SHA1 28f09699bd1c6545bae566d7fcddc08c650352eb
SHA256 70ec79e37f4df1c0ef0a53822c356cbb2cf720925b37f9450d77066d3852d6a7
SHA512 7648eace3849bdc9e3ddccc011cd3c2b7f5897307b8836076525d086dc5090b01b90d2d5719f355b1471a42a425751cd1c91b0b6bc8bb86c24a388d4e42479e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4b3b6b5ee5fd6a9f0d818dafc591f891
SHA1 12fa1fce67490adab4cef8a5be565843160dc81e
SHA256 fa1afbd18016cb2acefbbbc19ca8b2230b5cc122e3386f92968fc14ff8b186fe
SHA512 0a28e0c443bbb0d7a2393ada313e4008dc26502fa39f03df4e5cae4e606d8252cd56dcb79f03fadb6fe22e02f4585c5117ff6eb73a1aaacdd36ef301c2e0bd60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 387cd1f20ee8ff10509fe9a8e51cc5b7
SHA1 ba0d9cbc7f2c4f37a29a090de912b78123b05591
SHA256 1be213e77402ef4265a10b1249b4599722695c0709cd66b22b7b99250fe9e22b
SHA512 58945f5de67691791877baac91ac9b0b61ca7ffeae6a8b1a376e00e88e06a35840b6e3900152a3f292b9b9c0a83742cfcf9200c353f8c0a3ae7f652e0976e278

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ea465332964444aa7375f6661b786df9
SHA1 1853cc5fe34b4efe3ba0ca31f31c71ab149d5c61
SHA256 e1e0360e7ccc6f67eccc9ccacc073fa23d111d2898bf2897016b5476b3cbb9ad
SHA512 cc71bf3a73c9b22ef03a0758063bafcce7e1d0f3a20bd6d13cc22aab93cef0139591edb12f704c39123de2acfa929d88b72e336480f16824b55bf9f256d146d7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 42f107fedc6ee2bc16ab2f9f0d3893de
SHA1 0209e80aa458dbf2fcb8e7d879df396751e0f701
SHA256 4b588d49045cbd5c057ccb8d354f5f738e7ed46638d5568454b77ac79212583c
SHA512 c22d5771779e8abfbfc05a887a9b4d8a144824c96f3adbe427fd4ac87ac6673c7c5220eb3dd24b86426f2cfea11203bd59f55abd4f4e0d9a072f762f546a764a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7eabe8b02bef7d175f9e8c9c9501579c
SHA1 2b823bfb1ffce6b3cc69b1e20f8d1f42392574d5
SHA256 2b51150caebb1622258e8a8fa4608f0cc9341a18e0aaca37dd6ee4235c379f49
SHA512 bc788519e58228ed396c16980df0e37fd9e4991ee90f116ae2851b23468c22348b925d95e8f93ace7bdd32f463658a2cd557af5d9e6dbec21097c1bce1eb297b
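Added example, not part of the report or of the sandbox's own tooling: a small parser for the layout the Files list above uses (a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines), with two triage checks a practitioner applies before treating these paths as indicators. It recognises placeholder contents by digest (the named pipe above carries the digests of an empty file; persisted_first_party_sets.json carries the digests of the two-byte JSON text `{}`), computing those digests with hashlib rather than hardcoding them, and it groups paths that the report lists several times with different content (TransportSecurity, recovery.jsonlz4) so version churn is not mistaken for a drop. The sample text is copied from four of the entries above plus two leading digest lines that imitate a listing cut mid-entry, as this section is; the function and variable names are mine.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in the report's "Files" layout. The four entries are
# copied from the report; the two leading digest lines stand in for a listing
# that starts mid-entry, which is how this section of the report begins.
SAMPLE = r"""
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

\??\pipe\crashpad_5288_MGVEZHWUOPOTPRMD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc533b999f1c2d03fa6f7dfa67f25980
SHA1 5ab2e60c85336829e8927ceaa792d0303502d424
SHA256 c13947ee79bcb002df90129d65f39bf6614745e03d26234ac83ee6f4e0484694
SHA512 9cce8b9001dd98fdc8ee8f841e56cf0fa0423c8b188344df49261cf612f341151b6ffc0ef064adc15aa0488bf08137754b2dc1589d5d4758be521c4613d8187e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 22450d16f2e1dc609fd5919ca478066f
SHA1 54809abbaecb7de458dd8aab5a639f530e8b0393
SHA256 955bdfa357f27c2ac6afd2e4c29c27c267f6cfbdd345f56df782cb4fc1e70503
SHA512 0cb02cd61041fb15c47e121f951e8a0358b4e05cfe002942489535e38878a2afefa99ccc3414f1416669f7d2da14bb0c4722219347ece4b23662c4788b038b2e
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Contents whose digests mark a file as a placeholder rather than a payload.
# Computed at import time so the table cannot drift from the real values.
KNOWN_CONTENT = {b"": "empty file", b"{}": "empty JSON object"}
KNOWN_DIGESTS = {
    (algo, hashlib.new(algo.lower(), data).hexdigest()): label
    for data, label in KNOWN_CONTENT.items()
    for algo in HEX_LEN
}


def parse_file_entries(text):
    """Parse the Files listing into dicts keyed by path and digest algorithm.
    Returns (entries, orphans); orphans counts digest lines seen before the
    first path, so a listing cut mid-entry is not attached to the wrong file.
    A digest of the wrong length for its algorithm is a transcription error."""
    entries, orphans, current = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            current = {"path": line}
            entries.append(current)
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HEX_LEN[algo]:
            raise ValueError(f"{algo} digest has wrong length: {line!r}")
        if current is None:
            orphans += 1
        else:
            current[algo] = digest
    return entries, orphans


def classify_entry(entry):
    """Label an entry whose content is one of the known placeholder files, or
    None otherwise. Decided on SHA256; the remaining digests are cross-checked
    so that a mangled line in the listing is reported instead of trusted."""
    label = KNOWN_DIGESTS.get(("SHA256", entry.get("SHA256", "")))
    if label is None:
        return None
    for algo in ("MD5", "SHA1", "SHA512"):
        if algo in entry and KNOWN_DIGESTS.get((algo, entry[algo])) != label:
            return "inconsistent digests"
    return label


def rewritten_paths(entries):
    """Map each path listed more than once to its distinct SHA256 values in
    order of appearance. The report lists a path once per write, so a chain
    of versions is application state churn and deserves a different triage
    priority than a single newly written file."""
    seen = defaultdict(list)
    for entry in entries:
        digest = entry.get("SHA256")
        if digest and digest not in seen[entry["path"]]:
            seen[entry["path"]].append(digest)
    return {path: digests for path, digests in seen.items() if len(digests) > 1}


if __name__ == "__main__":
    parsed, skipped = parse_file_entries(SAMPLE)
    print(f"{len(parsed)} entries, {skipped} orphan digest lines")
    for item in parsed:
        print(f"{classify_entry(item) or 'content':>22}  {item['path']}")
    for path, versions in rewritten_paths(parsed).items():
        print(f"{len(versions)} versions of {path}")
```

Run it on the whole Files section rather than the sample to get the real churn table; every path that comes back from `rewritten_paths` is browser state and every placeholder label is a file with no payload, which leaves a much shorter list of paths worth turning into indicators.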