Malware Analysis Report

2024-11-16 15:57

Sample ID 240214-fffxxahd8t
Target 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b
SHA256 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b
Tags google phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b

Threat Level: Known bad

The file 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-14 04:48

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-14 04:48

Reported

2024-02-14 04:53

Platform

win7-20231215-en

Max time kernel

51s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55CD31B1-CAF4-11EE-8024-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000069ba33f165bcf1f29c3827e11af898abb77d5542dcc0d4e8dad7df2ec8f8e212000000000e80000000020000200000002c49393f0d6c0b7e175419a13166dc3331f69737372bbf340061b4f3629260b920000000183b61c11a04fdbbada876e5589a9975765b1e6bd7753a960d93aa9abfdbeeba40000000e5c0672401259542421bc8a0b667120ff05b2ff291ef9e50c5ae910563dde8364f58404c2fe0121f82651a54feda30ff66b284da087263634f2980e3c610c31a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55C86EF1-CAF4-11EE-8024-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55C3AC31-CAF4-11EE-8024-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1040 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1040 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1040 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2640 wrote to memory of 2680 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1800 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2956 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2296 wrote to memory of 1200 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1040 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1020 wrote to memory of 1060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2908 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1860 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1392 wrote to memory of 848 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef63d9758,0x7fef63d9768,0x7fef63d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef63d9758,0x7fef63d9768,0x7fef63d9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef63d9758,0x7fef63d9768,0x7fef63d9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.0.25216206\453900786" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f024a7e6-0d26-4864-8171-a095582dfa69} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 1292 104d5858 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1224,i,8004668753753419292,14947289983427734028,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1224,i,8004668753753419292,14947289983427734028,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.1.1641531440\1153647222" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b035b4e1-748d-42ee-a3ef-7e81ffde4b5d} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 1536 e9ef358 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1328,i,15303390633163635057,8833353570222220242,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.2.426960523\1553209096" -childID 1 -isForBrowser -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdc5d7e0-0766-470e-bf92-7d1e43067152} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 2444 1045e358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1328,i,15303390633163635057,8833353570222220242,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2480 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2728 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.3.479106626\961579428" -childID 2 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db7a0cf7-557c-4d19-aa92-18d8e3f35ce0} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 2924 1c649358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.4.1294290053\526169888" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3700 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e343f35-8c68-4a87-91ad-5da8aa209d6f} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 3772 1f7a0e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.5.1545350940\1533865098" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fb60035-ad87-4e5c-93ae-103e1815bd3b} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 3864 1f7c1758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.6.231461564\1984286213" -childID 5 -isForBrowser -prefsHandle 3784 -prefMapHandle 3856 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f403626a-45fc-44ca-ba57-6bf0c1725ac4} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 3968 1fdece58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3364 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3484 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.7.272288053\147290537" -childID 6 -isForBrowser -prefsHandle 4328 -prefMapHandle 4332 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43643f2-9d9d-4d5d-b3d2-600b33f25fd2} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 4336 2236f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.8.376037955\76399194" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4344 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2d1d36-dc4f-43f5-8ec7-618aecdd134c} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 4480 2109ba58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.9.188813576\1207672112" -childID 8 -isForBrowser -prefsHandle 4656 -prefMapHandle 4648 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee79ba69-8ce0-4f3a-be91-76ba5090a62d} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 4636 211d2258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2732 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4396 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.10.1213474960\1129121081" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1772 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9b9e682-4e0c-410b-ac6a-b567c6695857} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 2316 195a3858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.11.1262769845\1784214590" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d41dcc2a-7af2-4fc5-b3ef-49fce7e100ec} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 2324 1e63a258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1116.12.2090646659\31976713" -childID 9 -isForBrowser -prefsHandle 5072 -prefMapHandle 3528 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3075e925-95e5-482e-8da4-38144feed879} 1116 "\\.\pipe\gecko-crash-server-pipe.1116" 5056 1fde9258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1476,i,17304558574183092515,12716694812943154524,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 accounts.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 accounts.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 157.240.221.35:443 www.facebook.com udp
N/A 127.0.0.1:50176 tcp
N/A 127.0.0.1:50216 tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 rr3---sn-aigl6nsd.googlevideo.com udp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.40:443 rr3---sn-aigl6nsd.googlevideo.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-5hne6nzy.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-5hne6nzy.googlevideo.com udp
GB 88.221.134.155:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
GB 142.250.179.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 e2c36.gcp.gvt2.com udp
SG 35.213.145.237:443 e2c36.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 216.58.206.35:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c39.gcp.gvt2.com udp
FI 35.217.17.196:443 e2c39.gcp.gvt2.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 142.250.192.35:443 beacons2.gvt2.com tcp
IN 142.250.192.35:443 beacons2.gvt2.com tcp
IN 142.250.192.35:443 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
IN 142.250.192.35:443 beacons2.gvt2.com tcp
IN 142.250.192.35:443 beacons2.gvt2.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp

Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\aaa8dd29-0059-4cec-9e82-b28524638f2c

MD5 a5169f8fc439b5a84522e7d5834a7cd4
SHA1 2724f8e1fa77a413dc68287b7885df6ab1554d7d
SHA256 c994ef2e0e625317f3e7034e91b3bea6fe53eaebe9bb0ef3fe06a39cf4e07578
SHA512 e2b54c72b0312590d14afe2276b564b189cc5f1d57e1ea4c8df99e5601539f1c0dac307708373478391a7d26496d06a5ba91405f6c8176e7f2a5cda2282ce0e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\9e2d6711-6726-4b7d-bedd-e874a21048d1

MD5 6d105d5ca528a71fd39406c00be67ea4
SHA1 bd2d8d5a8d12bbe3bb24f27e0579126b136f68ad
SHA256 ef639321638bec5c0fda6140837ab3b89de28425cc085ab10ea872223cac076a
SHA512 52d3b7a90f9c8a7fa5760ab9d816742c5369d2590eb756f0a486e076791239835a7a5565a43bcbe530f44a1ece131afb667e8d0ca419053eb101910b5eb0b3ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\db\data.safe.bin

MD5 25dbd592a71ded0394541fcb47b8e10d
SHA1 ff5e2e69abd6332ceefb6ca99c857d057d1780ed
SHA256 9452d115387f4da91f4939b6ede8273732a24a6547bf20972d22ca640e3252a8
SHA512 322fdc7d28740d932e705ded8c4f9fcec439467af5254a5c52f1ee05d3189b8fab86464537177efe013a291bd1f0b17ce6d7f77cc5b03d171212cd0e20b136e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 be1aadf6c82748bad5d680c324e56135
SHA1 0f1189804221d7a26cfab86d023fe7d75ff78e3b
SHA256 250457a4be807a6d8536e57f4a05449a6219bfef351cd07ab85250097090e884
SHA512 27b10aa37046a7220476a36585a37276d6451c94b8e73a98f2cbd75b1c3c3a2fbc1f5a70a414c60e9f2a19f255e7eb82cb23c7a056f5ff869399024b99418977

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 9b74770c85b0ac59c8853e071a1d131d
SHA1 c987cdcadbebf74c34978fb913b8d5afae8f4a78
SHA256 cca8de5589016e7b9b4a8a26bb15f02883c487f40bdfcd6478c4c5a4eefa0d1a
SHA512 6ea61593b5df82ef0bc5173b88e677ea07d45b29056f5e16213e5c830d4702fb70bc1b2d9832dee1036926e2b3e7d59297ef9819e19d6d77ffc74c6cb4556a39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 bee3e4a9f37e2f10c3524f9c390b92e1
SHA1 748df51ec8dcb496ac080e5dd0b8a40864fd4c4e
SHA256 1907a0e6d2bc45aafc7fcd0cdc989313f0ae9f0d7e0695e9a9918c991bd38654
SHA512 8f16854b5c49b3b430be90c673d17c3671612dd89de1904212a89b64cd2684c934fd032350e7bc3ecd892c06c5781e5b340322926cec7043aacf1315edfda59a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 45191f6c05d47148e4266d7b90c014d3
SHA1 0a84709f4b06ac1beb8513fe62e4966ae0d764b7
SHA256 0a340e44fafb55868a809d5785809ab05d5b55ac447d869da8814eb410f55170
SHA512 6d6832cdb5415af5594e9108b211030d36e71ce3d2b3cf5307c8077e30a0b803d4293a1a9d8e3944d76c3d9d35576868aaf058a6bf3534de8c91d3e06c65d02d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 ce16b0de00162acd2b6da9b4dacb7978
SHA1 36a8577b6e6677ce42113a5a7dcbe9a6c3709577
SHA256 08d434f565d5d4dbde96283b5e90f9507096bab0a559ac1bebf509900f21dae5
SHA512 f86352548b68afde2c4a1d4fb848ad7e11ebc17e76d5c95fba76442872e27d57e23169ec342c9b4ae176c57deba4b5115697b82afe6d96e2ed778bfa487d05d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 8509351dbee7814112e853bb6aeb4d8e
SHA1 f237b9fc73dc9e05a25e0974f87cafcfdd4f53ab
SHA256 7a27dbfe88960d8f5a9a35ff8ba764a48daced3bfd6d27df978ccbc278106b19
SHA512 26bfec6b2d1bc747294cc58ad163091a4b4c6846424e9e4603fa1537c5b96181f64bddd3499749f147175eb520813de265ce2cb5438f3a94f9db4dad5b1221cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 47f1232e8afd8786299e353d6865aa66
SHA1 59f155a85398c1b0582a13330979d95b834c49ec
SHA256 785c0421361163f6c4629a90b2ed90a48ab5135312cd801149e0d33082f23366
SHA512 96a39d96510563a1abaa22390fafdd2b9090d3647988f07b11b4f121c9a7353e32ca43b89194baededf7b72bfae6d57a2e46bfb813300ffdc80cb115f6ded4af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_AEABA588E6477F0E580262E53F2FE416

MD5 3fd2b40a253f7ce5a3d2024e06dc2e2c
SHA1 43f4420bfe07af4e015d7344cbfb3c95a91f1647
SHA256 4b55187f34a0b4d206bbfce27a2903a076988530661e336d17e7b830535358f1
SHA512 be0d81608d8d9683f28b8680336a03ac1c87038c9b3aaa5752ab606023de2403b413049a54a17d68da4a250ae823998cae0fd5d44bf75035384eab9817f491cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_AEABA588E6477F0E580262E53F2FE416

MD5 93baf633594f8747683a174f6879e587
SHA1 bdda12239a113e9c6c389ed4976569abcd3f1d8c
SHA256 83b98232ffb6f4b6aefd0faa246030dc976eb4311e1156e81053bebc92c70d13
SHA512 f5a1eb09c7cd5a630b024c3f661d54cbd2cf8996ab0ca2504efba15304684c7d530afc185a1b267ecf2bddd141d5f65778291673c66a95205f5778b2424851ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 681035f6565510c97d77e12c2c04b741
SHA1 f34773672793e662265a36614f86e368fc258bb7
SHA256 cd3bc1fcadd72f4d1ed387aeaa9647f8c25f0c3e4dbb816ca046026132db859d
SHA512 ac7e13daf91add8f0ad9bffc7bc618fb4e2bf69be847916795ba91a88b738969868124455437a6d0abb4f00c6ca6937c3d67bd4054eab879b748c63eb70d5007

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 aefdaa48087f14b418a5b4e3c77b3607
SHA1 8f73490934b0b90fe1522808185b6ec4ac224cd2
SHA256 be5f3f9cd5a6a1da83b54c309df4dc727690fe089dc3a2571547a6fad9daad1f
SHA512 0854fca75bbd179167ef9e65e63c61b0875cd00807b7d243d434df46ec4b0b6a1cca20869769ed163c45a7ee7127d111fefb7e2d2799129b5ba675bbe0880f0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 37ad64e71a5827e41c5939ee370052e2
SHA1 6733fd55e4d5ceb166eae793304467486c31e783
SHA256 1f1d553711dc3cc01a63ca2b36bc1c99055d788125155fbaf3bcc6716a2688bb
SHA512 dfe3aef54265963bbe11878d67cdac53a47d3fe858e3d5e9b20970bbdb0f8de31f6736bbccd2528c9d5236208b58eca44debae294d2f4234e729e2efedf907c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c7a5ec7a2cdd4ef1da3a3e98f34e2be0
SHA1 498e95db9a48b372970073cda1de3ee907788cb0
SHA256 36c5ab0af83348881355dac2fcd760f24524187c82bd030dc6065c9cb6ce3968
SHA512 a1ca2f0f0ce580c38b7558ea38c1b240f835ad01fbaaf09df1a171ba2f33a58f4bac3fb8686cf90735ddba851815c80957405ebb0278bddd8fe99d3aee7995ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 18e096822f89de3aea228c36afe172c1
SHA1 25c6139615d999cbff1b03a1b791c20390d1cf12
SHA256 4fb5e53e6c817d23d154257111b099f44e5d92350b75c73196e64f109d2113b5
SHA512 cfbf09b04b9751e689bdfeb11e3a3f5622e3c6c7988c310d791619e1dcbfcbb621269017094c42b0c2470bb8c60dae1a88fd7d0c42db26c8d1c6ccd2c4993efd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7713de.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 4d96241c5540847eba2ef36a3b91d684
SHA1 49f643c9f9d3d3ff7e3da5fa94d17e27506ca607
SHA256 6fd3da13e55c04cf42947f26b3c12e9a699cece63eefac62dee1e9257d19cec1
SHA512 1ae2df1125edfc6328c74a1e17bb3b6cd7f1bfcf81b9f0db1191a15239fbb5e068da800089213130374756fce217496636eb07e5a8c56765d05f3c3c87ea02d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ab1b3935ecb4538607e44718462c4cda
SHA1 4008efd33d7711af63aa3537e5cd8fed7b838790
SHA256 ea7dedba6f68719e04b24fbc6943533b3efb0fac81a134007a6b245c1b987d41
SHA512 ae780a1e6d6ff073cbc45ae980fbf391a23064ab5a6380072d0d6c8d498dca964629bcf19d5ea5001aa8f01eb84dec05f1861f4e293060677116ba1f59f0e4ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0b0d5e3776548d6141ea3e634338cb1d
SHA1 0902a84ecf09d202d864129e9036504e0a0821b4
SHA256 c65b88b70ae27c4ec8fcb986ae40d0cae266117e28afa90a01d20a95d4e4d903
SHA512 a0893701446f2098d3685ed26f08cf6a1f9a5adee6cf90fd775bf82bba4de698ce9923cb0c2b8c0607eeedc1894b4c3596f8e00f6ac09ffa970f311f9481e5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 0167e0583efb8d65df54d9dafdcadb04
SHA1 8f6112469f7ee2d6a96fbd5f1ac888e319cfd4c2
SHA256 277be26f644e96497d67532fd6c6e089c770dcf32559b56dd99a29751827658e
SHA512 61ee734a501167cfc969ffd4e05911d83384886da844925566bcb9df92fc84f28ceef7cba0ccc2d1c0e075f5d6b8e25f2542cfdafc0fc0cb86cad6981749ccb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9a3300175969f494c0b5beb350d6f23
SHA1 5c91257ea82de3caa1394d04002f74e4d190c2dd
SHA256 456339f7351f6cd7868836fa5090565777fe927de422bd308bbb1d00e5b11fb7
SHA512 e706255e6846460a5ff18ff4e13f7fff512f652af8d8d9525f342d6649b3327db8d4898741cac78e82e6cc82f6870955f9276cf2a7bed77fb6f0545571a4e1e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4d0cff4a3e70056124cfb3424cbb72c4
SHA1 be71462eeb4f3047326bb08787d3b8d97e5de9f4
SHA256 15b2885e1c3250281add6a0e897f1e40bdc61583c02cb853916892297454a022
SHA512 010c19b75cb147b79e648820a6869e85fa15fee1cef655ff5397d3443f31fbc42e52878d427cf227a745d2f353c32de9211a932fcd4d69e2e4e85a56637a037f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\9\{2f47dd36-b49f-4ef4-9005-20fe6e9ee809}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b33a8fd24c5889fb485871cba4b48816
SHA1 861758855942699f4fc713e2901565b6579f23f1
SHA256 dc52299a36f868f2a4493f14a5894feec398efee96f3a514f434a3c12dcb5d57
SHA512 863b472974ae64c299400a8ea9014f15d01cb58fe93904c1318879b0f6603d2883019d20aee0aa1041c8786d50f130aeaccbb811cdb2b1214ce3020dc398c359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 09327ef625b6887168b553664ff0d132
SHA1 bada737040958091b42f12414ecbe2aed55e8456
SHA256 0a4dd41b86fdd99a17c2a531e80ecd0b1d59bb527d3906df1b368c53577a7ecf
SHA512 e1a1e71f8f65f19fc6dbd8f633345b0db76c391d9fb5d4a26d20fcaae7e5a554fd7e75f074771ef104d946b9aa17052a7a65df18266480f42670931b41b90996

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 343be688d8b110e35b1198c349e50e23
SHA1 2425e9ba7fe856456132fac3657139ef015a5c16
SHA256 02a4f7250b44d7d3947f32c19ac91861e81625e67e5700bfbbe4dce39182d8d9
SHA512 89d6b205550d037e36319f5dd91aa3ac925d45191c81b691f0667d9bd73479643f249f311935767f62a78f522ca46d9b7dfc195141801c2d2f8df3337a359496

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0778e7e05a62ed4a635a2f5b376fdadd
SHA1 1bcefeb4a85a0e72fbd3b5df4ab3614074555a72
SHA256 96131b89d53e2380a36b61b5b131ed56909194b037b57fabf6837d6320a93b41
SHA512 372e6ffa8cc8216cfb6cd619fd56037067e337623ac47d6c4762a802cc77499664d99c28a12de30022651b581cf41d7a741e252a9e76f1d7020c1ff25bf720cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 2bf86356a9c66f25f5dc6c2b5e780338
SHA1 e7ab7a330e5e5e8d0067fc04a3cacc7e6c1fbacc
SHA256 c488d52ecfc9fa56ef4550e57efff03b731e132d9c4d72669683284a617e8c35
SHA512 f79dbf51df44b635ef68643526a78fb9d2bc7e8c8b04b6f5b4d8b3799146fbdcd3c96b895ba26f53572cfee358d656a1dbca3ee5045f9ed2c433d29c2b6f9a71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a674cdc6b581f558a09a5415460e6bb
SHA1 6d48fae0c1a0737b5ba1740eda706481adc3f7c9
SHA256 73ad32d1649bb71a51160ec5dc196456018f47f91f4521b1378a87d7bdbe8ba9
SHA512 6ed7526bf9c799f879adcfb443148fb1ed098d96e1320b5c979a4fa8de53b996079f1f376de80cb0e5c551ce3bbb8cf72704b4d658be081aa684d3ea24eb36a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3898260c337b5b4b5158a48fa10bea4c
SHA1 317d500598c9aa91141372a81ad6f6a82b6b66cd
SHA256 980d5123215cc06e1c1147ea32662e1198cfaa4c80032073f381c25eaa38645d
SHA512 597963650d0cc206c6b5cd77b1f04189caf641e536185f6699c782d4075879137d8830fbb19095f9387b96e30fe19a28d4447cf82e941cacfe8997c33e2cadaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00c4679334ea66fc629f02490bc4b657
SHA1 2262861c665b505b9b4d07486e5d4186a6ee4df3
SHA256 a972298ad0ffc1e9cf4574b176cb075cf8fe7b47834141671eabde9834294e41
SHA512 5d1298d5ed3a21c268f4f1946ed7b189b225e38a90039a2456fe247bf5f634491d0e9f5565646826f3e7ca2a2ae21a6bee05a4d7f5897d2ce9b6dca3ed140d46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5236e08cbce489ad836d55ab9af74335
SHA1 20b462ee7da78d64d4614735a2006eb596013cca
SHA256 50602bd5f97685f3b4375950bb23fb5848c74c5a7b784ad694a628b9e34a6fd1
SHA512 3bc42429bd5c102496a63256ac7def69ce8c4b0d92f08071057191df7d2ff5dd310b67a50fad75c564a51160f210bb81c9916ebcfb6a6c8401517b238b39bf83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a11ff3f573824b312d602ee07acf0ea9
SHA1 26b9cec885b1063208b00bd8cab00decb047e000
SHA256 05b1e1867e7281e7617133abee1432c2d4198381e08d883673cc115bb1ce4e1a
SHA512 2411dfe5a19f2cd34e0bfc905005937846b394f5739143575bb34c8fa70f44344f3b2ad59110c3b660c51b8f77e677cb829f82ecc88ecd1ebbcadfee22d402b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b2fd43fb9bb8719953abc32f3df182c
SHA1 2925d061c9d982d62915dba3ba4e90829ace6a64
SHA256 286402554fb57416504b174f9fffa65ff3eb2c6ea35c22f6390ebca23c82399f
SHA512 239779f1709eeaa1b7e4691921f0e704ce1275d212a936d61ec6553089523d7032eb1f20ec53dc06d601bcb922f1ca3e61369d43bed773e34addb67c12e29aff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c5f38d4d1594c3864787014ebc543f6
SHA1 da38482b84d3cabeda9a9dc9ffd925e9b61d47b8
SHA256 53e4073ad4c5b2e5d04c928368deb7065434f1d9d6d7a9281813fda8d1edeb06
SHA512 e3cab3ebc4f21317fa79fb72eded33c7126947a861937408042067828da628fe2a52781f7f5ed353d98b069e9c66f441a6663adadb1b45083ad956929a9fb350

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2a64d3472b995affa9cdf6ca6cbe629
SHA1 b8e668830f4b0452e4fe7bcfde167c7a074249dc
SHA256 2446e1c60a0de7c8b9b54fdf07e72ec5d5a6efb899f57a28bae077b1f4e13086
SHA512 ddffd9a52c29158acc1719642df18eb55cbdd98fa4e460b5c82fde6d561b111efe36491f0fcceca1e4159eb0904932194d86039297661274e0c6feae26f43f98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\idb\2997096636yCt7-%iCt7-%r7e4s9p8o.sqlite

MD5 f85497a8d582a482b8aba6429de7a5ec
SHA1 28dec69c287324638286af77c54747a5f256436c
SHA256 8e6c97cf251ee1f5415e980f4ba8d74ad5d5d59ce22f2955680721475dd99f1b
SHA512 318ff3fd7a50605b89302c0bbc12c7982989d312178854a3b82a1608360caa402f0b5ab6b258ecbd877e75f4a8e4829bbfac2394e5b46ae71006fa23e3e172a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f26766a1e7bb21f0811ed4ffd467f982
SHA1 43f9ed0092649ab1a22ec23bccef37193a54ddce
SHA256 699fd291053393e14cf7b58abc158d88aa742294f434815c7b4d2ed8dbb3d692
SHA512 2b51d15b651d82bad447cf84f2d05c157db4b8f8b3a4c29ecdcae0e2495747f62cdc7ed9402221f251afba968dc8c125b7d8d88560d92a58cc8364a48139c8c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d25a8846ad3c7c728f7fc3a028186a95
SHA1 ba16fbf87d00f22e21c6894ff68b0f61b246eb20
SHA256 3e756aeeae071c030259db13b4d10e4ab60412cfa36e435ed9145768bc98555c
SHA512 34c9c0b557264d5ebc5a6678c9b1af78dc7755f1c58c7164d1e527ab75cb21ae5af7531b226f32409090b6a7deac7cfc6903db1e2ba3d9fcffe3996be0078121

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1257e223956d268f154963bf629c4abb
SHA1 34a071a7ac5263e619a1f169f00dd47de7c4e2df
SHA256 d65bb560a41b1d7b1b97bdd210dc3b899fd0073bea5f7c1b07815edc1d03737b
SHA512 018b2d899d7e81ef1f042e76a53ec088f7b5ea688299ec6b76d6ce28acd4036f1c82a15e497168fe556d1ef38bb10968dbf120b22a0f05d63792e8df4589fab3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\138\{5caff218-752d-417d-a9d5-febec021078a}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\182\{3121abdd-1f70-41d0-be91-f09dbfd7adb6}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\219\{204fb30d-cf50-4d78-8603-fbb2238b76db}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\81\{9b318775-1c9c-4fcd-b3cc-27fd0b2a7a51}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\134\{dd69872f-00b7-4fc4-8785-b14c8ca48386}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\177\{9e78a0e2-bd5f-41dc-88c9-6a35c97907b1}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\186\{9270ba69-867b-493d-987b-67f71d5f21ba}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7298cd4-44d4-4b73-b13a-ff6576374893.tmp

MD5 594a307d1cda6c9bbf1123ce7685dee0
SHA1 ae379b20e33bdf13f4650f07365c973ffa5a40a5
SHA256 a5210a4f245ee810986d45ad9ee4d44295b91431c763eb727c4e833e2093fc62
SHA512 abb666789e13eaed9c4c63cbbc4db67b593e0dd8a3c3e37672637e906e9e47437258e0a455c009e7ced08fc17981af6b468b0b41e6caee77b9761c8f2d64b245

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b35e02ac8252bf4bbcc8ff2f7ea77a5
SHA1 d80a78d234b0a7960204300b78def710dd16709f
SHA256 4280d74447314edd48ef08d90c2e7c6ec5c3d73adc42d56268f52bad0b6d3ae3
SHA512 3fa44401d6b7454cc1e0b4699317ee2a8b85de7ba442f960f1b83783c020255e9650df278b3d68284a2aae8cd63b7d097f1e440d67323e2ba727d8192030a2c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 802cd5b222d85db254006cc40dcd7a9b
SHA1 b15e9335be4959d10c240d8497f5d0c4e5e75459
SHA256 8d9cd5979bc08af0bd7c7aa9447a29d0894641d3c4840beb401aa0c2da5e291f
SHA512 31a9504472fb3843f12a5f60ab2047bd28fa130c588a48682ebe1ae836e2a5bd4103c725057ca5bb304ff014a0db021f9c348521378a503153918c6f83c22e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f08d0845228a38eaed3d14691037572
SHA1 5c7477b2e18a79f9e573a9b185ed0cef1aa7599f
SHA256 403be85a80f732c83941ef26cf3303d9c6d7208706399fae3277d4cc1f268e07
SHA512 db2cabddbcd92c12c54fccdd1a0c8cb55df72beccd07c8bddf291ffd25312b1637130d7fe30a1dd490325a356d933eac40cb7bd2004f3a4b25cb1fef3e3dba68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d87a2241c3d23dd752e74a2b744fef9a
SHA1 2fcb7cdb0fa32c3c695e46247db0f048720f386b
SHA256 19734e897b92c13656b8ba0a762bfa2ebc5e66c93971c1d9188c855a05b7f5d2
SHA512 c3d6585367ef8d4a69be496663b99b1ec003a1dc6d89911ac4437513b439e523f5087a7c595216fea88d69e568ecdf1201e3014b43b874346c6e5e102dc4d6bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9a54bd4061a41bf43efaab8e83455b66
SHA1 12da047618675870f2ee3c4401c1b71487478109
SHA256 d6e7f1c24e34f9aef1a5d4deb02dd9b027c36fa96e9c6944d2e056a009e995c1
SHA512 df121c9ffa4384988aa4b29360c3bc611edadb92a95a3fb8f940783612cd11eedb62426e638a71908c3fa9b4cce81a1fe2f794f66b41e4bb7828d5be68facea4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ec61458736b42f34d5ebec628b3dc6b7
SHA1 185135fb076fb34ecdf2fa751574701eeca7db9d
SHA256 c9f66a9f1720d0d85b9fc6e3d6b488fa5a7c886009eb185a07e62d40fe45b4da
SHA512 af7f7544661fafa548a10095225bc98bfdb4017fe89304bc31a6b0be17c6b2fac3c59088ce8afdaf6128f548a32d37fed18f19f3c9cc031f433c91c04b80b71c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8536efe932443a6af7e1b212624f3a3f
SHA1 5b81c67034aeea50720b49913b493bad79c82964
SHA256 94bc8e0228232bf466f4243aa9b293271d4c32f0aa47e8cafd50cf53b8f3f5a9
SHA512 3ffff6ffd9cc8146527a0ccc9f67f76575719b55ca82af9b8b3c00e9fe168fa4e5bcd8a118571c6bc57f961dc0cc1f4db2bdf99e1fee2cab3ce2c005035b75d9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 cd88e2d6f9fcba361c11e4f7efb7b51c
SHA1 d79a26e2502ac54b6f7baed64f423cfce821f1af
SHA256 fd4f81167b13fcfaa748d5de6eda6104443755b951b6c640f794c425c06fb237
SHA512 1484e2315727203ddaace68d1b134ecde4388dab7283c7e06f7e0490590c1e81954a1298a1c66014a2e9d0b20a8f8b40f9dd9d8da956010a58bcbba1beb8c762

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cc40ba2a0a10d54b9e403c2ecd2edf9c
SHA1 df625dff21b89eabae206bec5e1f926b36cfa919
SHA256 dfbaa61f1b7c4637edf7f6ebfa331bdadd2774b6944c804f602199d115661f38
SHA512 1b179c14c4e045151aebf1dc265051b84015f79012496ae9917d36c9c3dc146c0ee4be1969a5f775331b047e879319ac9d2e5cfec6a9775a73f9034910e63dd6

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-14 04:48

Reported

2024-02-14 04:53

Platform

win10-20231220-en

Max time kernel

299s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523599290557569" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ef8fce2d015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414665006" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2953ec17015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f227c232015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2772 wrote to memory of 4420 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2772 wrote to memory of 4704 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2772 wrote to memory of 2384 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2772 wrote to memory of 5664 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3860 wrote to memory of 5832 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 5908 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5832 wrote to memory of 5992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5908 wrote to memory of 5800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 6044 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6044 wrote to memory of 2464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 6036 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3860 wrote to memory of 6040 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6036 wrote to memory of 6088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3860 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6040 wrote to memory of 6108 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffbcad89758,0x7ffbcad89768,0x7ffbcad89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbcad89758,0x7ffbcad89768,0x7ffbcad89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcad89758,0x7ffbcad89768,0x7ffbcad89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.0.1498963397\1211811270" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1652 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {797750b2-f4e0-410f-8cd8-97a3de0624c6} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 1756 1b7942ee458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.1.387483227\2055261273" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e74d96-7943-42a9-83e5-3eae7d965345} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 2176 1b7941f9858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.3.2053415424\1477867063" -childID 2 -isForBrowser -prefsHandle 2840 -prefMapHandle 2916 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa654d7-406c-4824-a40d-280284ebe7c8} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 3524 1b781f67b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1864,i,14899317695768434112,10188792900962786559,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1864,i,14899317695768434112,10188792900962786559,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3880 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1844,i,5980031883195814879,6655298466230880089,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,5980031883195814879,6655298466230880089,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.2.1378264017\2038969885" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2900 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98064bd-4359-4c64-b173-1b7711b20eb0} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 2876 1b7981d9358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4740 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.6.554112246\1608746316" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e323f87-ded7-4b66-8eda-fb54786492ac} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 4956 1b79a7f7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.5.347994779\525444865" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4764 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72f83f55-b7b1-4c66-b461-4e4d545df9f7} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 4752 1b79a7f8d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.4.266966029\1253916435" -childID 3 -isForBrowser -prefsHandle 4696 -prefMapHandle 4716 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53a266b4-d94b-43a2-8fd0-cb5e0f25f3a2} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 4692 1b7985cb958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.8.951988561\1527324334" -childID 7 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f80cd73-6b6c-42e0-b66b-8eb030c041b1} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 5312 1b79ae4b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.7.1169704233\1648226006" -childID 6 -isForBrowser -prefsHandle 5228 -prefMapHandle 5260 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {700d64cc-2287-443a-bf72-782b03db4521} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 5204 1b79ae48b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.9.699032370\507288349" -parentBuildID 20221007134813 -prefsHandle 5728 -prefMapHandle 4016 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02d80bab-6702-4365-8e81-40170043414a} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 3040 1b799652658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.10.1283682769\1408234975" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5868 -prefMapHandle 5860 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f04d16-a3fc-4550-a859-40f1566205cf} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 5876 1b79ac90f58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.11.1774995197\299894686" -childID 8 -isForBrowser -prefsHandle 6116 -prefMapHandle 6180 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c860fa98-7545-49b3-b389-f9907d9ae1bf} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" 6248 1b79b1ac858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=2272,i,5621253121662030370,5015334651451819708,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/196-0-0x000002748E820000-0x000002748E830000-memory.dmp

memory/196-16-0x000002748F140000-0x000002748F150000-memory.dmp

memory/196-35-0x000002748EB10000-0x000002748EB12000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 2b358907b174c4211faf4de120fc4899
SHA1 d0a6bf097c9424fad78f9517af0de6def5018f5b
SHA256 ed0b66e44923f8e65b0e3d6940926c9897c58f2fe8878f663aadb58ea94df1c4
SHA512 1cbe96d161fd52dbae46291e713b73dd59e4921661be06d46d0ed84ea77de009c2410831c8477da76641760c4fcb78262ffab5b99525ae5f5c4752d1ae3696e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb8dcd8eff65987e4b4ed16cc38ed8dd
SHA1 2132149c91aaa6a8a90045c17f8ff46b3688fd0a
SHA256 5ccca3ae611bab192afa35d4e5ae53a1fb5d2751990c2c1138a38fbe128a03cd
SHA512 9b4317b3719e57b0154e224fe4983372f1361d4e8a4764550d09307ba1e6024c898a90c1f3992a87124741b97a4708548edbd4298a305bee0b6128ad1d349332

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b4a2c07203e6d7a6e75cadc00313f5ef
SHA1 f77138a9295e0e7dfbca0b130e26f692f6ec674b
SHA256 d171cccceb9e1b9b7487c6f3cecd03e480282830cd9ce6b6175acf9c1c052cc1
SHA512 848636b9a7ac53ccf443b40733022d6d341a6cc0707b1ca020b31637f539670eb0d105670f99ab18b4dad4f05f11823f3252ec25a650afbe2291d6df93f64539

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 265f2f244839121557d5512d9925b363
SHA1 9093690a7603d478883281a2489d7ec629180404
SHA256 fe12e00c76736e3d8c11b4bc37cc0a1507bb14ea958982bdef052a95ac509563
SHA512 349e446b34a130d408a03aac1425bfba2f95e32cd996c910657bb142055c94519f9ed8cc07943d9d4d2f5992c1ee05d83042fd1a48bce3b348cf42ed3e222ef8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NOHEAOV4.cookie

MD5 f9a8a32ec12bfda6bdfcee6476d7d386
SHA1 e92f7dd02f0b641209ba762b1582d184419df203
SHA256 3adb1d5a0c2a18420d7c89cd3bbb310a6b1ed731c9a0029fb25b0a9921daedee
SHA512 17b102c93e4f1ae21dde33897cbea7aad99766146a972ca0a974017577c058bce7f46eca3535d462d741e2b8d83639402f0c14021ab823e58dfe84f0188622da

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NM4GM5S9.cookie

MD5 c6fa6b6c8bf485359e165e6f03009f47
SHA1 7d023dd598ed81eac97df8cd056338b741d79189
SHA256 e344ef85f2e37cbaaf7ddcbe11bba0cae0320b80f311cc26d823148ba99a709a
SHA512 bbabfa65b9d809eeedc1a233bb8563c8be6ab7f21730b37444977b7092e776a216f7c1736a612d74b90e7155cc32c072ea2ac054ec9fe6689b9cce66816d98eb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CZGHT92Y.cookie

MD5 364d7deab81a4a60453d402aeca92a06
SHA1 c4b718ac714590a76872b33a5a9917238ab3f949
SHA256 aca1e88c44aca5083dfd3528221c02054d8982630341a8c69975d8e92c39165c
SHA512 64f3a5e689f82ffe3e439cc192b173d7a3eec76d4009f0dd8d199aafbaa8a40ddc49e65cae06d2cac9bf315815311fb7c8b667e93533e0c8c8c616b553d133f4

memory/1276-133-0x0000024AFC1E0000-0x0000024AFC200000-memory.dmp

memory/1276-152-0x0000024AFB950000-0x0000024AFB970000-memory.dmp

memory/4420-189-0x000002CE96DE0000-0x000002CE96DE2000-memory.dmp

memory/4420-203-0x000002CE972C0000-0x000002CE972C2000-memory.dmp

memory/4420-209-0x000002CE972E0000-0x000002CE972E2000-memory.dmp

memory/4420-216-0x000002CEA7C90000-0x000002CEA7CB0000-memory.dmp

memory/4420-220-0x000002CEA86E0000-0x000002CEA86E2000-memory.dmp

memory/4420-222-0x000002CEA8700000-0x000002CEA8702000-memory.dmp

memory/4420-224-0x000002CEA8710000-0x000002CEA8712000-memory.dmp

memory/4420-226-0x000002CEA8730000-0x000002CEA8732000-memory.dmp

memory/4420-231-0x000002CEA8750000-0x000002CEA8752000-memory.dmp

memory/4420-233-0x000002CEA87C0000-0x000002CEA87C2000-memory.dmp

memory/4704-269-0x000001B1745F0000-0x000001B174610000-memory.dmp

memory/4704-271-0x000001B174A70000-0x000001B174B70000-memory.dmp

memory/4420-278-0x000002CEAA380000-0x000002CEAA480000-memory.dmp

memory/4420-284-0x000002CEA9240000-0x000002CEA9340000-memory.dmp

memory/4420-396-0x000002CEAC7A0000-0x000002CEAC7C0000-memory.dmp

memory/4420-400-0x000002CEACB60000-0x000002CEACB80000-memory.dmp

memory/4420-405-0x000002CEACB80000-0x000002CEACBA0000-memory.dmp

memory/4704-451-0x000001B275800000-0x000001B275802000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CKBH1L7X.cookie

MD5 44e85fe8f00d177d79f18fcf9d2404c8
SHA1 ab297709c2f65d8991502d4689d684a241e0aa03
SHA256 b92c1cc011d14c8377c020151f374607ce223a8ae7d5b2fdde962bdef01d1e41
SHA512 17f36a13425d8bec46f92b002f70887188d94cd9ef89027b90de5f13256654f9fa8baf7ed52d99125b2e62bf6511ebb4fe8039b0992426649f9905d2ac31eafd

memory/4704-461-0x000001B275A20000-0x000001B275A22000-memory.dmp

memory/4704-470-0x000001B275A30000-0x000001B275A32000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\E6M1V0QB\accounts.google[1].xml

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2QNIEW4R\9lb1g1kp916tat669q9r5g2kz[1].ico

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\2qvqnyu\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IG9LX2IV\favicon[1].ico

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y6837NLP\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K9FEMTFS.cookie

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LEIZ539K\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FH0M1QI\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LEIZ539K\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LEIZ539K\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\rs=AGKMywHTaWCUsKtm5JqwWC-A6Bzf1VZM2Q[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DAKXJLOH\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LPEEJ8NJ\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ISWVN4VI.cookie

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_5832_QBZDDDCEVVYUTFKB

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\fe2e225c-55d5-4616-9a00-8b40456b2d98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\da8d1717-6999-4163-8f09-3e62d6fe1192

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ebc7.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\81\{b28c1075-5cfe-493e-a620-e2af55bd3051}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\671602716yCt7-%iCt7-%rfe2sbp7o.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a55.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{1646a70a-0901-4255-8f2a-6562220eaf80}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{efa4a728-58d7-4210-81a6-d454c3c30779}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{201c7c89-c107-4a50-8b8b-880c3d926d80}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\255\{a50b5440-88c5-4cf5-84d3-190e331f66ff}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\54\{89507241-bd21-4b32-9187-78ae5b797036}.final

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IEC9T0S8\suggestions[1].en-US

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
