Malware Analysis Report

2024-11-16 15:53

Sample ID 240214-fj2nsahe9s
Target dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad
SHA256 dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad
Tags: google phishing
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad

Threat Level: Known bad

The file dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-14 04:54

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-14 04:54

Reported: 2024-02-14 05:00

Platform: win7-20231129-en

Max time kernel: 134s

Max time network: 274s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000719923effc5f7531bb2716d87f80a3be3f06effeffefe3ee90adbeba2bdf0337000000000e80000000020000200000005b204dfbd10d2ab3d9d52e9fb6e6eae127e759910a531fc3b8dcdc49028ffaf720000000f89009f3df60e7a82bfa889520842e550bd8aee6236056cdaee2a466bbc0586040000000cd33c61e71712f8dd3a1b939e7ea4946cf73ee88152cc4001450b502cf3eb0a27b438d80ba0e2e7316c1e7fa56a5422aa00cdcee412e9ece628216365f756413 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3409CD81-CAF5-11EE-B5EE-F6E8909E8427} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414048366" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3409A671-CAF5-11EE-B5EE-F6E8909E8427} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1720 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3056 wrote to memory of 2856 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3056 wrote to memory of 2856 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3056 wrote to memory of 2856 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3056 wrote to memory of 2856 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1580 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1580 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1580 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1580 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1720 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 680 wrote to memory of 2056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 680 wrote to memory of 2056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 680 wrote to memory of 2056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1720 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1720 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2368 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.0.1401588134\609756611" -parentBuildID 20221007134813 -prefsHandle 1280 -prefMapHandle 1268 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19e7d462-6fec-44a7-8ed8-fc3ec363798b} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 1344 fcd6d58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.1.818710735\832727524" -parentBuildID 20221007134813 -prefsHandle 1548 -prefMapHandle 1544 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d50abcc-07f3-4b8f-88b7-3cf0670f297a} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 1560 ee2558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1312,i,561348322932187239,14861851493824462502,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1296,i,17631915501716480409,14557817016661464712,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1296,i,17631915501716480409,14557817016661464712,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1312,i,561348322932187239,14861851493824462502,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2648 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2660 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.2.1581283342\1767777943" -childID 1 -isForBrowser -prefsHandle 2544 -prefMapHandle 2540 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50d2d21c-534d-40ad-808d-3fb439b932c2} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 2556 19347058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3384 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.3.593492592\1184080315" -childID 2 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63c2dcfc-f13e-4e68-ad76-9b76fc1bb879} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 2880 1d232e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3184 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.4.225163649\112820289" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3544 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {690a74ed-dde0-4604-8c09-9c6d9e79a74c} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3660 209a9158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.5.468011505\1718486638" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {933463f3-fe33-4473-af48-4caf1ba7d806} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3780 209aa958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.6.1849171451\1501066706" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba97b307-b969-4573-bcb0-5d40ff6a29fe} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3952 1fe6c858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.7.1575271002\1515314527" -childID 6 -isForBrowser -prefsHandle 4288 -prefMapHandle 4336 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0916a396-dfe3-4c77-ad34-c5fb94c68ae7} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4356 1eeda958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.8.631322779\1524741883" -childID 7 -isForBrowser -prefsHandle 4448 -prefMapHandle 4512 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33567218-f249-4f24-bc69-ac218aa1e9e4} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4376 1ed0d958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.9.2030254850\671377625" -childID 8 -isForBrowser -prefsHandle 4636 -prefMapHandle 4640 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e126af-7597-4003-afbf-43701d7079ba} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4624 20853e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2792 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.10.1607406454\617255420" -parentBuildID 20221007134813 -prefsHandle 4660 -prefMapHandle 4356 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bfaeba3-7f52-439a-bb31-d96d8b400c7a} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4820 1be77658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.11.395123743\1538437346" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {213295eb-125c-4150-b51f-157bbbf17e99} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4660 20850b58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.12.695646468\2038204261" -childID 9 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {024a33b8-db55-46ec-ac56-279d73d64cf6} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 5124 1ed0b258 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4d8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1296,i,3219452051051125868,2978260794893127992,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 static.licdn.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 44.240.103.52:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
N/A 127.0.0.1:50471 tcp
US 8.8.8.8:53 play.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com udp
N/A 127.0.0.1:50498 tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 rr4---sn-q4fzene7.googlevideo.com udp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
US 173.194.141.169:443 rr4---sn-q4fzene7.googlevideo.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.187.238:443 youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.179.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 74.125.139.94:443 beacons2.gvt2.com tcp
US 74.125.139.94:443 beacons2.gvt2.com udp

Files

memory/1720-0-0x0000000000260000-0x0000000000261000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34093141-CAF5-11EE-B5EE-F6E8909E8427}.dat

MD5 b8f7c88fc289022a155a2db1975dd35e
SHA1 4258d60b9a327ef512426da2330a9a2cce1d2afe
SHA256 d81770b50c8335bdcf3c6bd3c4eb17e31f50dc8ba0a1edacffe0a551a0dccaef
SHA512 a3c2a5d2925abb6cd77e17e04760f8054401b13d0ec2902ca6322dbdc76035fe245dd7cc1728942d363ee7468556e6919cc9d77fd44669273d49b21331071dad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{340C07D1-CAF5-11EE-B5EE-F6E8909E8427}.dat

MD5 8b0e2411db192d04b23af503977f6519
SHA1 2547e044f6b44c9dfc958f4d6723fc551d43e0fe
SHA256 b57edab191db8d5a4376339f7bccb5cdaaa56731b58ed9d951b61f03ce334961
SHA512 c6536ad9a0c80a90a31a0a803193d0ceb7e44cd22176293ce658637baa9300a23f71c564208ba3b2d4430368b5f4bae095f88ce2e57ffacb91a4e1fb2e9624d4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3409CD81-CAF5-11EE-B5EE-F6E8909E8427}.dat

MD5 09f23c991984845ca90573f05ed88e27
SHA1 e624be2a616ad6153740a4532f830b7a21a7b624
SHA256 06db8d590744114265def7dc01f03321cb688a4fa76d0f3c81bd694e8e62836f
SHA512 e10429f31a64414637a3fc9ef2a84eb9ef2cf96f6858919b08cbcab728e7198bea95aba87ee29dcf0b393cdec9ba50e5f3570817219f0c1bf8a9410417f01213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 ae87f33875e6af9cdf7492664633a9af
SHA1 5f560d5d9ad8c968c604a457af21e8f66c692604
SHA256 c7e00f201617c69c9efe9d4f353e8e2946c8f862ca65cdffb746156d0cfc07f4
SHA512 8d19a1171d026626e37da7cda48038437e6867e340c09a6c148ba0306674e4efc688a9fb12f8e996aabdd3e2af59cd1d1a68f532217c91628fea97a3cf113f80

C:\Users\Admin\AppData\Local\Temp\CabD1B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a4e167a42ee10b78f964d25c8c4370e
SHA1 e44923dc0e9c3bf6b419eab658d8fd341acab685
SHA256 b6d76a81a04758127696d79c2d841d22e62018e827c48dab238c8fcfc33ba8f7
SHA512 e495238dc6e8db393e645ab42327b960dff2b31faa835056a87e7b29c45fada15276de5404eb4836487edacc83f4f4c1c2f56b14969f363c9d9e21d22dd12f35

C:\Users\Admin\AppData\Local\Temp\TarD2B.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2d8a999da46617054cc4b768983cf926
SHA1 4514e6d00031d09a06cc4230c8177c0c68eff650
SHA256 ccaf11279ae27ea4264ff86305383ca21af0a4939d6e431f9fbb3b5344b7e6d9
SHA512 8fb1ba7e50fb522850c0fcd7ee220a0ff920787478b035de3c08a9390e2a9b6b460c5e0ef2461796570a00730cac2ce18b507dc510e4deb5b7ed55e4ce795ced

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fc7aae2b522995812957c6c153f0ac77
SHA1 27366538512c17fc99189c22c15500cafc6cb949
SHA256 2f9abf6f29d515b5415ec8586f2e50ea609ad5bf31a5d1d7adaa70cb2b004552
SHA512 9341dc2622045e2ef2eda437f353a7dce0dedb1c64d0802f2ed25607602e11c1cb4c8fdaacf0cd6c417e0d4eaf92a9b66f683db0534edc276fe89c8f18ed09f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a48bc5a32db8d767a578eda4f6598eb
SHA1 4e0e4b472fa3659cf327023bd8fc6fc719b8da00
SHA256 d5977545bcb9809521a513b01d05185a2f7304efb3b8e8bdecf315330cf675bf
SHA512 9b2cba2da8df631ae2afcc106977467aa34c5e376cfbdc5fc8665aa928b6846178da29328539e86f8d0b541fe95921066922b35cbafb808fd29e7dba49b40129

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5f4ae779647b397eaa2c4314782cf228
SHA1 1b4879974812aa07c8be4cff17573b520a54a0f1
SHA256 a18f1d4bfa363a1408755729e8aeb1b7b7d714706fb0bd833490e621216840c1
SHA512 647bb13d5dd5c4ef36af85474b23977a212b873fa5a20b0ebeba8088443bd3355835a627df076a203b475e42ef1a347804052878288794d90d1e51daa13f23a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bee068e1dc6142af450b3490f9e3a4a6
SHA1 b2a9f199d1aa60a2ef4f708854c2c4a78adec58c
SHA256 ac29f6d5be3a3bfaca92f893bda6d4ad1c48d786c9056d44cdcf4b3b08ee5956
SHA512 5eac3aaf2517d7db36bc49760be44f8ce709735e3f9b4dab2e457d35afff9ee4154a6d0a9a1e234d404731332167175c91e569017d854f5294c36c21ccdc7336

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb8dcd8eff65987e4b4ed16cc38ed8dd
SHA1 2132149c91aaa6a8a90045c17f8ff46b3688fd0a
SHA256 5ccca3ae611bab192afa35d4e5ae53a1fb5d2751990c2c1138a38fbe128a03cd
SHA512 9b4317b3719e57b0154e224fe4983372f1361d4e8a4764550d09307ba1e6024c898a90c1f3992a87124741b97a4708548edbd4298a305bee0b6128ad1d349332

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6ab19e347ca98bc078401430f84c5411
SHA1 52b2a5138318e7f2143b55f5d1f8a2ff167f0f28
SHA256 a506098dc6837e6b2db201879879b9c18eb5a3ea5f34e151c5c58e361bc4c8eb
SHA512 cdd1d876aa1bd7b330cde071a8bab57bab9590dbd3c1d724f717e2345524aba5bf9769bd9112b6ac4921a7b4b098b1fdbc5d8c021e3396a74d9c79e22f754467

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 85e5b61873a5b79da430ef92b2b9e516
SHA1 5bb41c8fc5ed89aa57bf1eb196ce0f1684104917
SHA256 69f2228020289e3e43ade341d03b01c47236b8c9c2b2f956909fd75d02dd1cec
SHA512 1038cb82528ba1aa736d68e34a29b15f8c7f09f2851c20d1271da8b8f13fa8767d5ccf8a22cd918f018354bc919aad3c3e373de1c3c615d6a584551df0f4e823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40b3d675c6e6ef58b50acf962e58d76d
SHA1 501e822a20f97e13725ea59bc8a5c6347dd48fbf
SHA256 7578ead4774f4acfd214941f3e8894599647aec36a3a8b673cdef5fbf6d7101c
SHA512 cde984f9da74e22b1b931ea17543ef39e4abfbc1fefebd39f4f29a2ed425ff1bf01abdde9eb30170b356a639f21c518dcad6bba51b4c7de34ce847b6ff1ddce0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1b730d408f8f8515bdcf6f7e81320f5
SHA1 7323f7355c681df0626d7893de042f96234c22ba
SHA256 2485a1e2a6785e5542b60372db48b7660158ce74c2f0efa3789b5b2c7f5b7595
SHA512 e7f81faa66fa3914e87ebf33b632a4c92d2df8fea4a13b2816408db738565e4bc2c204a8e84b25b04c25279de0efb0717c8d5809e3b5ee0095172e0a4211ace9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b7e81be329accf0f96abd10c26a12f7
SHA1 cd4be674e15812226e4e87a6db81264561b73240
SHA256 31795abfb3f240ec492081cb6c78e5c7471d1048b25ecab0c6ab48b7c3c0760f
SHA512 f63f63603a4fb898e8c9c21b93fd2d1bf753ca78ce3df2ae7b1d99ed46549b3a531005357043c532fc7a5dc6975e37f1052be652600bfe0288cdeaa5bda49660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cdac946d79e622904941a365a59b27f
SHA1 5e6b845aa5692dab64cbb5785d049741542fcbfe
SHA256 b55b90ae74f1495d25ac23799494cb13b31328ecefebc1d2dcbb4e33c4d8c618
SHA512 5d7cf1a35114ff495ffc13063265a15de698b5a17b034661ededf17c7c893409b263954a7720606ec79d129335d8c2afe9f61f5bde037184e34d8b23c0356bee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f21257da1e5cb312cf4cefa721b7e979
SHA1 d808ff0cc58d818d6065a21fd8ba18ee83be43be
SHA256 b0108b77840313d1253612b6acec866d053b7bc8823ad5f1cab3322666fa805f
SHA512 f1d6a9366b512d702562afb29e701b16eb59c78f446cd63854c8c774f9a0919588683e7ef00df9f7fe43866af4e874968d2fc6a2783821702055f05cb0f2bea7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 80f7c82a8c19395593bf8fdfd77e6b3c
SHA1 5beb25c739b0238cda2b50d458c146e1b12a2f62
SHA256 ee1a961015777741ccb0fc22524937b7686df21f0d6e00796394b773c2034a1b
SHA512 b074e3a9dbdc464ca469525265780a059f0d583f6e489909c6daa980ab06d0fd2ae735aa06dfd2e8148e6c40cbb043a314426d25a191d582893d132daaa252c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 36a682610179e3fca05076e115922fb5
SHA1 b2b27a384c134ef920616df10efeecfcc70387f4
SHA256 90d5cacf9fb2f4a5c6f221244dce7965132ff744de87d99755a559769e120f5a
SHA512 e619aee384c4507bea1efd641d0752e3b3304e6f814be92b4b0a9828e8fe2755591dd439880bacdcfb404430b2be7991b04b08c68e347b5253e4b8d9de5519a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 3eda91a50f1bf1a9c203fc6fd171146c
SHA1 a9b1b2e8a28f98b40517a6660cefe7ba92771c06
SHA256 7d09bf67025e30d7f95cab1c3d8cd197b55eeac0583ca282910fe41fb7ffa06c
SHA512 c5408a519e19d64008fa28d0e0a446fc0ebcb9834376e85534227d6362fd980cf4c6bb809fecf283e2f57fa266783f1dcce7da7b80be1db6db1751ed7d1adf38

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7WYPF2Y\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 bc9c18374e2f2d19db8acd0cf7cfeace
SHA1 7666be346544ccfbd826fad6bf42982e04cd3dbd
SHA256 3b66da5acf96d37988849b61fa0ca4301a9f76c4cd85dd80b5706c2e203a7af6
SHA512 3dd8d972bb0047f83cb9f8bf7b5e9a047d51b67b123da1622fa7eab6f25912836cafce36f030f7e51b9dafa380d20e5f08c3c470ffe2c3fd476633d8343809f7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\T4WN9IB6\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VH5LQW6D.txt

MD5 a6990818b98fcbe60a7dec846e23e6f6
SHA1 ebca55e6ef46b0bb6d3785fd60bbd01aa972512c
SHA256 a8df3d22064b7c069b7f59feda2fa73b3bf760b64c69d030c64528822f26fc6d
SHA512 b22d30826822a4bc723d8b820380218415e8d467872ad05ce99ed3d7890d4ebf816a8e1ae3b33ca7be4bce3ea78ae804e999ace90d25f22276e57ce02ada1913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 8672f2b72b88e9cbd7a54c4be1f92c48
SHA1 592e831ade6a49038005017d885f63fad65b113d
SHA256 4e2b990487a8eadc49a9eb57106fa2661420d56cfb3a31f2405ac41274169736
SHA512 ddfba4cc4f8a8259010c306fdbddc57fbe58727c9c079c5692dcf5785303a1c3838fad402d55737d0243a02e5edd7e741ec6aac6e9895e2bd981802a8ad4843b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 210bae0083b1efd74879ed225f65fc31
SHA1 c53d53c5261d52bfaa30cf2e6c86fbb54bd32702
SHA256 3bba224b4de85a00485a5a90411c94519e3fb1be3e3b971043c069161154aafd
SHA512 615f70e65251759919dd886fa931825daf4e271cdda199293dbc7879008a77e5d7d3617cb960651a916285d928a0d51531ada925788938b5824b3d6967b92344

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 60651476f99332365e2c176aaf8e0eb7
SHA1 ce7d7ae8072628adbc9e024bb66a2fce7fb11ae1
SHA256 bbb542c2effa70dcedcb4728b617b977234b6097cc928b62e720e4a2f286b576
SHA512 2d0956216e29f98a9ef99d55ccd64a86072ae5c50a6b95a85d95127af8e4f578edc10218f2f5f32b0bca875da1e58531836582d6b190c2632ec5b51361b61180

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFXAYWCH\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RKYAA42\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 5330c6e47c3cd87cb96bb2fa0f56dec3
SHA1 6e8ed4081eac436cfcd82c8e42b15e4f2895ca83
SHA256 99ead685e5c37c833ab5dec5af8991cd07de025d7ce3c1775fa8da33c629106f
SHA512 98ad37e369a41bbed558d5bfc0e0ea2768044da73ebb88baa2a2316b79ae2a3199b0f81dd53b4af969663161799223c9628237f1a1ebe4648e64aabc7b114889

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 7a8217806cc597ff273ab31d718aafbe
SHA1 1a300c169c87ce7ab41a3a14503a6d417ab36e5d
SHA256 ac97da75424520f9ab2fa42ca674cd3fd8c428bcd25ff36ef9b082c939c0a2d4
SHA512 c84a5decbb45189694e742b67e6fc75e6bafcc4f49356c9e12b9f028bc4dcf2b47b84613f81255148635a8a60fbb90bff35698ac7aac0aa0a709c8a79952841c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 e7dd7afad0ecd442c4555fd855d73ded
SHA1 58e3c6e5625b929288f98d2110428dbe78ef7528
SHA256 759ae63bed00a9a4ec5a6c9662af12acebf387b9ca2fce0c3e8353c54a9873e6
SHA512 dec01fd92b72f68a1b8a7263ab776ad42dfcd18dee5e8e5e5586e7c1065434885b94163e69c7347038b0e656c920fd1339c434962042a91451e7ed89cc956542

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFXAYWCH\favicon[1].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be3c768fc7f3cb44a1128e77ef8c9f83
SHA1 328081aabf1c7b7336a16ccec99496c43921dfc8
SHA256 bf0f36ed7a8281842ccf5dab444a0cfd74ec4b7bfec3ae7be0d840440bfde020
SHA512 b33991bb7e7d288bcfe238ccc3e05796d5cb85d96c0fa3ebaa77043f57dd4197f1d9b0225f0e363c5eaf92b9ef127d5e0654be32a26ce720ad5a7874460713d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dce7f32edfeb77b25213bef74c60a3a6
SHA1 b185e0cb98732cf27de47330cfebd8aec5de19e2
SHA256 326066c5dc60daefc57d22f5aa496143deb7630223418cfdf250f2a0728e3c1b
SHA512 707a29e76e5b3ae073b4e842e11c80014ef036d870afe5c450fe4cfd38064a259eab4a8080e11350fa942b13137f705ab699f7acb3857f34bce1f070bbfef088

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d694eafeb7cab27f006e40e6958eace
SHA1 37c93216651adba01636c53a55795f429e9ec615
SHA256 1e435c5a58c8126f0cf35052ad4440d885ba22c03edc1da976bdfe3fc486575b
SHA512 9a0adc2633d6eb736394788ceb5c366fa20cbd1d7da6591f677856257344d32af1f2097c726829d7fbebdc39a0448e1dae58ab59c9c23ce86fbbffc45004e0b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 298d7ce7a278be65c026674446b39c2a
SHA1 017235dec5b7557d69fc859e11dc770b3be81b46
SHA256 961e04ce39fcd5a4dc1c93240f40271bb5cacb0594cc6e91ead1547be0e44813
SHA512 69d976b0a95fe1b18473a9c2a5fa0cf0c985007beba4fe65f29c29519b5aaa55b5d22f3169cf476aa8cf10aa2b416f8f1151ffd4e9373a66a3cf0a7ba1350959

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62494c4c34534ac31c94b5ce5cbf9045
SHA1 3a2a2d5e87954e5af9ebb05d744ae381095047da
SHA256 d191c89fa99b75f7718c0cc57c2d1ab352d03679a5ccbd7c02a73d8ceb6adade
SHA512 58acb5fd198adff4c8f46ae6d447ba2a8e33993243f694056ba060289351343a4492bf3feb556b1669f596f9877b4cca6b1d3995e18862adad693bd00f15e0c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e05e1716375114f32285abf24e765939
SHA1 8f134aa74f0d05bb7e228ebb1eccad0a5924bab1
SHA256 626306415ea55c1c5c6d528bc90e2573c247d8be589d6ecb708b7ac9eba73ffa
SHA512 11b6b408f95b49e85995d47b059f8d5384a7ae9c14d4aea5055810878331fe5e7efa5f8ec18406d493ee057c116df341d6f11919069ae5dd5247c29385d8ff8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 97b3ae736751a11f7577f68dc55ecabf
SHA1 0a27bc6f76e3f3d3394f3bcd3c624a802b851e40
SHA256 3e730dc0e0890767b66e9a00e0c9cbaead9e70350f6d8e02c9bb798409622a5a
SHA512 47988c17f1e7b2fbdc873f01a7ca00318e43ab47c5678df34140917bf82303c74ac650678ce4783aec1003ca18e08b90d0dbc4b954879b4fd06dbcae92b04ca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98a079cf8f584e8e38818cf1ec57c92c
SHA1 a4e53ff6fa42f227a6249de583432dd3b2583cda
SHA256 d9d7bf0e3340d8b6bc538ff87201a24d353335921481b27632f5d8416e74e242
SHA512 0cab0378fea31d45b51e6ead8b880010bb9a9f789cf5dde6287edacb05c5583a7ee200afc1a8a6a35adb4cfc4932575d24df6cf1f2dfc71062f12e919cd01893

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 793d628611b3503a0d7363d08c367e83
SHA1 53459f4e9c38e9c025a61c45857774f3e1f613fe
SHA256 0cd614dbb1a0330abcc27dbc3bbf6d4202c986fcb7aa6d1ed0060e9095579f20
SHA512 e366aab9fa4a9f627d0a30dfae55be83e26059c0a6c5cef77cfe88ed5e0e949398506a03de3d97a6205c9f76f961d1ca1130f26c13960867849f704fc8b44f92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7397f14286dadfaceb8bc8c2f2ffc47
SHA1 86c326d3186a1904be31c37623ad00600843bca2
SHA256 7a7cba83379aae506af5f15791bd5210d63198d0698007c77a11ebd48e09d9ce
SHA512 2e48c2c6af5b58737ca87e3e3887ae23af45fa2d15cc83e96466db169d15fc63918db1e2f7e25d69e6c800d03190987d0b2a1e39025a6012e64e01bc542cccee

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/1720-1136-0x0000000000260000-0x0000000000261000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\87d06b53-5947-4847-98df-ddc2e3737447.tmp

MD5 41cfa4b86b01b8e22f958c665f993ab4
SHA1 a0deca7b5e32aa8be3168ae9e5e7d348659c8fba
SHA256 2499fee384272deceffa8b0ca852795542421795612af7bd3d5c8148c48550b3
SHA512 a45bd42bdd111cf075d5a0405141e9e56a9f5b3231432073723cdddb47a18b9fc18ab9287d0c1dd53e1cf1da2ff313ce128ef25da2cea4fd3f059f1c837f9823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\501dba17-9822-49b5-bf6a-63711c7199b4.tmp

MD5 bfb140b28d684949fb9298f4716a4788
SHA1 093efb6678059c7b8c4a99418d042d111ffdf0c9
SHA256 16e944ac54e542da021c52887d34de042bb4adfb43f041c65b107e4d044c5332
SHA512 8d4095538052022483735448a47f46f237e584b651fb19435abc731b9b9e7055e9f763ae47a88213bdaa1e0da4c22790612531954d6cfff93f00f4ac8eb1564d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 e64f8b47fc95e04c45eea575fbea74c2
SHA1 b08a235c7c35b4bd05f748cd344606a3c604f297
SHA256 999dee855082b7864230574cd2fba0fa4da77961603d656d2f7c5b09942feba7
SHA512 a1c94849bc11eb9b541b10e7a8bb6176e2510fef59f7ea5a88bdc28e9b970734c3b50d14a48b69a205056cd748f86478924e1fc7fe2dbdd846b5f4e8d2f3bf50

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\366ee946-9d0a-469d-b7c3-84beda4fc593

MD5 888aaef8ee850af2c35e8ed1022dcb93
SHA1 8e25d89f97502b0664e84df682bcb26e9e214a27
SHA256 528865c7680f9fbbfd0736f6143e66519088bb2cf1466539e0db4b6ea475a0a1
SHA512 3410b4072e4a77331f72d3a4bef30ecc94a65417fb5ec66964f83cd8c3f379d30f77202d4c3d37c8debd85c477be042a39166b9f46a01c137ab293c06a87f384

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\3b079e4c-78db-4117-9748-671c19405bec

MD5 e574f5b3242b44d18cf8f94e5f6b6910
SHA1 4d52a027de2ad8199e3047c02e4713c662596f2f
SHA256 eb702164d7cc90b96fc4c05f2f888de8c1a09733fd35f0e938f14ddc1c5c773b
SHA512 b9bcf0ebb0ed6e53c9a3aff04ff2d66463970207ec0ba86b8f12d44418534d88b370f306e5821fd1b57728f21b2977844daf903779b949b7ee2688450713afcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 fd0c9ecb9116769563ba5bfc91b3f353
SHA1 e4a28f04da725d56be3b748087ac7791750947c2
SHA256 f548275603c13682ef90f6eda14210fb66a0b0bd58e04b6a0230b5953fc52832
SHA512 d693921216cfd0dabd6c1f7eb8455adc9e6e35b5ab27c648cc45e71baac370f33d0d51d0ae0fd7f807f9c6741f60b8a3669575933a57a59392191c433d8d1246

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a700881629d7d88a309df8bb3e0b04eb
SHA1 9d17d83e8f8ab1a2a17ffbb749a86b20c2204114
SHA256 21acea8cd0e5e6f776b10f6d75991eeea904717ffef8d20211d39082d0175db7
SHA512 300e040fdb823e4ad0e87ff4888f1165f3ae12c098048a0b1b311b64b54bd02de67af110d660e6a1daf4f756b4edbcc3e5d952af39a47064aa418aa031eb725a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 3d11a6dd59ffbb048bcd4eafb0648944
SHA1 70885f75a17088ec75a18c152301f4b08020c1cf
SHA256 97648facf8ba346e94ce7c3c843bf3ba5d9cbbb18a80b92a3a2e6a91a51c238d
SHA512 ce7b48c9c4a3ff38547a71949d3b3d648ffe057b3fb9a35add66994b7a20d46560928edf7b89c8f1419a23632519c9faa5cb612472cc1229b51ee89066e16084

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 b998831d44b46f2b5dd1b93b61e62be9
SHA1 496a9ce4f46fdbca86fbfd95e4b212db4cb80483
SHA256 cbb5cd4227a99b61d25dd4a807fa0cc2d2c5998a6c314c65a5d08cf831c90107
SHA512 53628801e07069e707cff83f20ee879ce3a4921209dffd7e188ee55a542fb54522b03c806a1865432b5c02af5907d5b8ec030fcd8f98df6749d2ac05de0f4747

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 76389aa54962bfc07e9371eb50bccf3c
SHA1 c625c781e387a460fa2a76477b9a2f689c519e58
SHA256 a68228083670d9a4cab3a1ad46709c62558c4d5ff306752e19a3701945eb0440
SHA512 b059904cc45b764cad4e9730b8d079878b590f90366c772bc1ba9413714899b9a3f72e9aab055bdb6e1924c7f60c3318f41319818f760e0965d9179916bcf96e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 280cc807b6c001b33a194bee45ca1b6f
SHA1 0e46f7dfcf4d3d7b0b0e3a91b2c88e9be9a8dbf2
SHA256 e7b8e2aa4479c07355a7bee831630913c7e3446c9944cf8fabeb2ada3cf8a1c0
SHA512 a18e9d5d8893febe278e10d6acdb16ef77c27ef7d9d7e07816f7826f8a65dc22af152756c516ce84276147f7b1cbd16910b45bc6ef0c3bb9b228d48f0b0e50d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 f134079c190fc347f5cd237b1a966600
SHA1 f23239845803d3b620f8f175ee3f304ce82b93b2
SHA256 e30ee743f3afa1c2307a14551c5b7fd6900f16c01c7dfbcdb7a428a7777d4bf8
SHA512 1d4c8cb11f2ae0d68e6cca3005d583fdddc03a70c812697f5ed3fdb1b53d8f6b446071265fe9ce0024a7e9130a01048fd245a641942f9822ddb86db920078150

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 b805c3984a771bf476abbc5b3274bf7a
SHA1 b1fb2aeadc304abf84004e9396b866077bb1d410
SHA256 59918550f9e43ad0a0a90e11b3248e0e289aaf5d8bffa29c0ecae8fa637c4f7d
SHA512 4903c65b471fd342467db1011b2610f475f9cd818f35f7d5bd731c30b8c483873601d2425481cb4d79a614b4e21fae196412d1ed4002b40ca7a5f06c9e1bac20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 7470ab5f22348d6dfe1e28cd94a023cc
SHA1 260211195f24849057966eb91539d647bb502664
SHA256 811c74e3ad2097bb1d92c378f1443125e3659baaff1b5d30a3666dfd51530d18
SHA512 57eec9f57636ef152a2dd7475f8bd57aa26d4a4c0e651e7f2b6a0ff715636d42f42c52846eca023a05312c218d810ce9a36e4ff348673c00e23ac545d01fac6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7694c1.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d3515ce3e46ce9e4427bda380a9ff6ed
SHA1 d05b521970698fd8ee9e94acfcf7d86236084536
SHA256 f6ba1f425df5b2e0e8cc3b862485bac8eb87c68e490ec4fc587544478be1e396
SHA512 1300f3faab7669a43340f15fa1b0c15d1a759cc4ffea278577aae739820762f88abe5b796f586e442e5d62f6cb907c67f4f263581a812e9f34cd7103cdfcd64d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\184\{a1d344e8-2a7a-4b0e-b7d3-07342e582eb8}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\idb\997163418yCt7-%iCt7-%rcefs3p3o.sqlite

MD5 f2d290293724bbd5a67626b3a281e2b9
SHA1 4e591f55db9479b663c26994c5e634a6b9901dcc
SHA256 d2ed07f7f27ac238610634b28e5b26ea2eb54b353d38a2f4eb3e07718d0c598e
SHA512 63ba07f6280c24063c220e656e1e5f1a863a4f297655959f724b65b8b9a4d8b0c8a35fa2d7bb3f007ea893493877f7cf526bc785f3911a1ed25bf5bd051124c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 efbfdd3bda17fc45de3c69d058b551e6
SHA1 28039bd9128bd0ef3e048a39358508de520ef14e
SHA256 acc149c7128a6f6d7897cf2e2d82e9962a3b95bc5fdc47e43e7ea2be983b974a
SHA512 d398d57bf2acd74b75a0a58d5f50505c82dd7d4fbbae6a2974d740e2df293b703ed180d32921e752bd43f732a44d2570682a4f191f1c5bf72a647b6511541cd2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{b54f1f31-4566-41cb-82ac-7a245c0a3380}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 1e90a9e77a655736b42b2354db75e717
SHA1 f1d5b8a54192e559abf63ab5a7b9587daf00812b
SHA256 0da1be9e17fc0c256314c4d2c2ff016e64cef38ea0f7a71ef5143356fba354bc
SHA512 03caa63ddae70dfea6268f8044fae9620f3f564f55a698fb827cb53c99d155d276ea91b3fc4e40d9bb5b373040c13d7a6a3212e44ab0bdf628d5e41166d7b798

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d4b887d90357caae004e61272e6ea8c
SHA1 b2072dbb22ebd27b6a8419f4dbe47effc2ab3fa9
SHA256 f73319b62a719d02637ccedefbc7963eadd984a4e6b42486a220c6a345da39a1
SHA512 0cd3add3105ddb0915f8687d57241c257c56c48fb247a8856dc14693464f8e7bae72ebfca0ad13d3ae57035d74240016312ae43b3fd2c4b08e367c89fbdfb299

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c265edb7288d1ee8ad5493203732c83
SHA1 3413c6ca44a4196da3873785dcac718425567ba7
SHA256 b8a0d2cd972c9fff25cdf6ab2d996f4c34b72c3fb65d8ec0bc847bde61947755
SHA512 52810aeb82d1e529f3088553e4475406ddb4182488a4ec4771c6910bed511811ebfe101e121ecdb2734d6f357daf39d944ab5477850917a21b3f01bb12122e16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6986cbe69914eb2d3ef063c725e717ec
SHA1 9b3582a5b93bae55a6e946f7197250ad7fc9cff1
SHA256 b0230e7ea84dce308bb4f4a4150c64d46f41aa2efd4f635fe9d555de6e79f6ee
SHA512 e6911380202bba7f15f75702e37bf9cc84d3182d7b84a68f041279d80695cf5bf5f1bee98fbe915291b865405198efc005f1bcf235522c159e2b08cd3ab59d1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e82cfb63f40a5ae6579e375d8b8e935b
SHA1 d285e71e4a8ea08eae56b8fc722caca9235b6c5c
SHA256 b22db443b532adca29953d8a9a1051d326b999122da52a4fe08333d3f9b6153b
SHA512 c5d39ddd5031db466975cbd41f077402b678e8c477ec3ed695e1dd407dfd5e26bf785ce86782a4423671ddab76512b8ea66c4dd8cfa1fc4839748397c211190e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 795bfae8ba55d76fd9ceaeb0f44378ab
SHA1 f3ba7db31a1ca2711c9a4c27201133ce05c519b5
SHA256 d584bb3a1d3f060801a0dd47ddfc152c35e4201cff6ac4033c732ff178adbde9
SHA512 b094ba45f8f4d77125b8b1603bd38ec07a08c19f32db6dde8c4dd66dadd01160cd89da4ef49c82cf9d27ebede8f115691544a662062a41f52e0cfe6dca3ca25b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e44995b08a323b37b6b9404a820d55d7
SHA1 ed5b8e3198c0fbf7f967ffcf57b3b40858ffe406
SHA256 b5e27795e6a73c1ad85be735459862b0c52f62b6759ad395492c74cc231af21b
SHA512 f42cba00e1ea69bca3d6558984436367b09eef59bade234934895b83f2aabaf0c47697a8078a9ff65cd2880d77a9e9fa2ef6831c7bd2b8c0bcaa3d7b263f19a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b75d02334f108a14d9ebd296d89561c9
SHA1 0e7233fa641637c48479619e8a9a9e17d58489f3
SHA256 f2ea9695d9778757a9b05bac9e44b1640702021d17a0ce814c9cbf1d44316b32
SHA512 15e51c8ed1098e8ae69094b2b45ffe8a2b027881b9d16514f5485ad353fc021d4921be1305b6bd8807e54b5dfa79ef2197c0ae8cd3cfa983103276534022567b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 f625655e922be3ee0af543ff45dbc84e
SHA1 4beb194673706ec6a752191ac05545ff72401dca
SHA256 af415a01592ab72f3afd2ecd75c01823a908c2179ddc4749e2c84b815a6de75e
SHA512 36d995c9a33e1887475e1ece226f686a5a3fe066d288366079128fc11079526b5c26246a37cc54ed8ea3baa2f095527b9e10ea149dfde3cfff48af393259a0b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dcd69e36689580089951b7bc7863ab9
SHA1 bd86013fd231445556884d6416bfa218d5948b25
SHA256 41a40d07554511bc08bd0bdd69ecf26a8bfc4c665085eb6990b3194c1771da3c
SHA512 e0136a0d95a86a6ff2a280f06e16a613153fb1e44fc714d550cc338c34f9ea37b4db325f5e4285f49456175b8e657aa2474b1e40fb346f0d82fd5fe62d4622f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b95df1a1-b70e-4e47-857d-f616c8d257d1.tmp

MD5 1cae757fbf3482a25d30930662d23be2
SHA1 138f2e27f2ef097fc731ef6e9adb6fb18f8113a5
SHA256 41a338ea038f438c197af1f525394b563eff23026c53c3fe3ecf80761ed0c17c
SHA512 c5874f7282457ce24527dcee0ed5257c1a43833b61d901df8b376edcbdb5dbfbd54e9a62892a9961f3bd65cacb5d4e1a953ae2ed2cc713914481676627234669

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 649c213a627a3fe363923d75c5057c51
SHA1 9512ca3959f4ccecde984f63f621fe79a7cddb45
SHA256 f86bc405f715bc2724dd4cfeb105e67967ae13f11b23b9f09ee5f6785513ea41
SHA512 40dfea7d4341aea73e1192fc18447d000a2e409268e659f2221caa83d8f3d5d0068c5eb3689590501dba358d068cae094621626c7e80f0a3ab6db5ff2bd461bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9818eb0588290976cf8afb94b25cb23
SHA1 d36987af7979e40ca0e44a22ac2ae421792cc36e
SHA256 1bae01acf5b349837c4906651aa50c7e06aa21efbe4e407d1a043f096dace374
SHA512 f3716bd7def800b9e0e1ee1c9b501da2c078ad39467e9a6d29b01f246725617b95c82f33b948b9e7dcc0f8bb64e205faa59a51863cae22b6c04e71fbf014a5fd

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 f75f3d0781b5772988bb30ddda5d37fa
SHA1 9e8c74b33eef19054a2b0ca3bd3e9ed64aabdfd2
SHA256 428f875b06afb331aa59f2d234a939c93f84e1224ee159a458242462b8d8a9e6
SHA512 3539cdad3a09e3f4bb1281700324f4a7eea6145333ebeb830b1bdd9cffe246e764e071eb71fa9f4c103bf597ca60bc4f4c9c50e4f4611f136526100e3d039f83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 3d70b4e7675f788f05bc9ccc174aade5
SHA1 f181c4768c754809f8bdbfdffab1c919a8b633f3
SHA256 be456ea99d30aa90a1e39f84a82447381ec07c133d588e9358d0955193a1787f
SHA512 9bcd3a01087b121fc74a1e78e662ccba77fb43e18a26bdb9eb78b29d9377beb568d71691c94483fb3414b3d13c426edcb9f9bf658a802668e997121e5964967f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 841f94cb1de9dcf25878673f4bbb9380
SHA1 ea022696349919f08bce3bb08acc24c35204d79b
SHA256 5a78b6818be100b647407c364950180207e2835be5d90981a4b0c10287a11a12
SHA512 adb0a08b8ab68cf23424322ae21e68619c5a8c1cf7432ba386e061c5e81b339ea4e08f9365dec5d296e171923076654ca06a0e948526ea9ebfbfba4bee401540

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f4072c3a9a2374a5b1f754be01f30eac
SHA1 49df756f99b42fce7b328521803d06c7b191d691
SHA256 ec841500b54dd992fd1879ff4364c74991a2d3f844c4e25fe64c07263b6fe1be
SHA512 939f043721fc3b2e73df0a6e463ce17525936e5da9f69753a58c705cf3b1d122d5d91e92cad8223afb38faeff91107dd0611621b6f208fd92d9715e82938ed79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 01a0c47cef66b2adb83979c83d3ca1ef
SHA1 a42a02fb440c9640b65b319251922327c93f80ff
SHA256 0e5c5b3ba0a6b9ef2160efd3441e84184bcbc843853e0a8d6c575b0f44552540
SHA512 53bbb8715f3699218bb75779fb9856df599cdd295cef8ef9ad1620351af460eb4d9dfaf28ae603b36762c5f1b2ffbfeab66b09604e9950815a2b6c8eeab16739

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 151213ed6c6f6e405535279bc0c06d0e
SHA1 edc2d946e405a2c621ee50213a83bff956de33b8
SHA256 0ba3dc4d51a173950c97917231d3c4f358e02bfa63347ba80f4d952128c58ba5
SHA512 53148d434b5453ef009b29b00b9b057e6c69e3c833d3e776deba599409ec012271a7231e23448d7dbf9aa9e4068532ac9decf735c46781331aeb411b2369b5a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7cb142c10f704b3ccdb53ae1398413c5
SHA1 aac4734f1868d0903b7136094fa5d8f38c5c2b4d
SHA256 b004ae35601d15d9489188b956f1b28fff96cf7c9488865fcb04c99cf58ca05c
SHA512 f8ddea7642d4b7744896b6cd0ede3fcf7b103535d5de740c1240e9a31bf35b22bf9cb6b46b96fce5ca9ba7ed3726c9fd7c67661a0587fbbc09090252fa4f694e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eb28f2f353da4b12cfcb031b6a77e43d
SHA1 fe04b14a4a4157719a2fc388d81f8256b1662225
SHA256 51652afb792285690aa127e09bb429d167c52faed0d46fc9e38e0e1c577cb979
SHA512 e719322753a024a349413ad860fde3072148e9e1cd16a90b25579d03ffac6b3d10722e9243d351dbb72d26aaa3e09bfa8e3138fc4229ae7abd2ff056fa98941a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 702bcc6972475fcdcfeaa847386c90b9
SHA1 45957f7d4ef58987f602b194baf5b963c63f0fe4
SHA256 10eec9dbbcd3f950b7b46b10bad1860db56d372528006c90b8de8ccd69a3d5de
SHA512 0048e12ed77277cb3ef8540f13d2b6515f9b4829a2200db337c8da4711154e9f09801829165aec66657e3a9ba6f00fbe703482edf76182fa99452776e55a3c40

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-14 04:54

Reported

2024-02-14 05:00

Platform

win10-20231220-en

Max time kernel

14s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1d8984fd015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c634b3f7015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 053775f7015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 90b113ff015fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 2084 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 1880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 3132 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 3132 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 3132 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5100 wrote to memory of 3132 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
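A small parser for the Network table above, added here as a worked example; it is not part of the sandbox output. It takes rows copied from the table, splits them into forward DNS queries, reverse (in-addr.arpa) lookups and TCP flows, decodes every reverse lookup back to the address it names and checks that address against the flows actually recorded. Two caveats for anyone turning this table into indicators: every destination shown is a well-known provider endpoint (Google/YouTube, LinkedIn, Facebook, Microsoft telemetry), which is what a page imitating a Google sign-in and loading those providers' assets produces, so the rows belong in a behaviour description rather than a blocklist; and the in-addr.arpa rows are reverse lookups of addresses already contacted, not additional destinations.

```python
"""Parse the sandbox Network table into deduplicated indicators.

Added example, not part of the sandbox report. The rows in SAMPLE_ROWS are
copied from the table above; the parsing and the PTR cross-check are mine.
"""
import ipaddress
from collections import defaultdict

# Rows copied verbatim from the Network table (a subset, for brevity).
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name):
    """Decode an IPv4 reverse-lookup (PTR) name back to the address it names.

    '14.42.107.13.in-addr.arpa' -> '13.107.42.14'; None for anything else.
    """
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def parse_rows(text):
    """Split the table into forward DNS queries, PTR lookups and TCP flows.

    Returns (queries, ptr_ips, flows): queries is the set of names resolved,
    ptr_ips the set of addresses reverse-looked-up, flows maps destination
    IP -> set of domain names the sandbox associated with that flow.
    """
    queries, ptr_ips = set(), set()
    flows = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue  # header or malformed row
        _country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            decoded = ptr_to_ip(domain)
            if decoded:
                ptr_ips.add(decoded)
            else:
                queries.add(domain)
        elif proto == "tcp":
            flows[ip].add(domain)
    return queries, ptr_ips, dict(flows)


def unmatched_ptr_lookups(ptr_ips, flows):
    """Addresses that were reverse-looked-up but have no TCP flow in the table.

    A hit here means the indicator set built from this table alone is
    incomplete for that address: the flow is recorded elsewhere or not at all.
    """
    return sorted(ip for ip in ptr_ips if ip not in flows)


if __name__ == "__main__":
    queries, ptr_ips, flows = parse_rows(SAMPLE_ROWS)
    print("DNS queries :", sorted(queries))
    print("TCP flows   :", {ip: sorted(d) for ip, d in flows.items()})
    print("PTR lookups :", sorted(ptr_ips))
    print("PTR without flow:", unmatched_ptr_lookups(ptr_ips, flows))
```

On the subset embedded above the cross-check reports 96.17.178.194 as reverse-looked-up with no matching flow in that subset; run against the full table it tells you which contacted addresses the table never shows a connection to.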

Files

memory/3348-0-0x0000022530D20000-0x0000022530D30000-memory.dmp

memory/3348-16-0x0000022531100000-0x0000022531110000-memory.dmp

memory/3348-35-0x0000022531200000-0x0000022531202000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 6136e1e7ad7a076c0448ef01ebc9a014
SHA1 15ea348e32747efe93043924f7dbb8cf36f1bba5
SHA256 e70289158d82635034e4967ee49cd8113a45fb3ddc17bad27bff5cde48faf684
SHA512 5d93e0d869a931502e5d946efd6fecc9c890c3170012307db28419fc8eda7fcfe8597329ac1e35601f58dd57abbc48c9053e12241724e890d7b6e5d52944c92a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 f89cea03dbd7b002d8eaac61045e0605
SHA1 6ebd3e0af25f5fd005d3f7a93004b8676ba2c1b1
SHA256 e09c7276e049a2930c013bbef9a116bd4c894bd52ef91b675340454275d4001b
SHA512 74dd55a894388a74dfd1d248302cb6e999506cb79854e4af3074584c7230654471becfa7c5ef7ee2dcd1678373f64f98f599387c253bfd8d8d144a2d91ba8b7d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb8dcd8eff65987e4b4ed16cc38ed8dd
SHA1 2132149c91aaa6a8a90045c17f8ff46b3688fd0a
SHA256 5ccca3ae611bab192afa35d4e5ae53a1fb5d2751990c2c1138a38fbe128a03cd
SHA512 9b4317b3719e57b0154e224fe4983372f1361d4e8a4764550d09307ba1e6024c898a90c1f3992a87124741b97a4708548edbd4298a305bee0b6128ad1d349332

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 91a32ee351527f5652982174abce61f3
SHA1 a547db0fda6e8eb50dbddd6c5e909504f8bd8be4
SHA256 12df0f46da2c51ee4e161d8e21359dc8c777bdcaeb0b7a9ed18df1a5982dc011
SHA512 8e7ead90bd50a37e8108e27793d338497ad8480cf948d6bade3c5a1823ee8852a233f67edb8cc2dd78b557ecdc1b9ef0c05d9442725f4b8b3e4dd3a182826e2f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6ETN7JRT.cookie

MD5 ce76218ac22da9adb330e029a4833345
SHA1 33942f27a892af387fe14240e6dc3b56a498f621
SHA256 300162fecfa7406287a9d2cda3db775f9a5b850bea02c6fd0592831912033e32
SHA512 bf0cdca1fb36bc778c1d7c81b7b253d8b9437c04ad19392de1b86e4aea5a3a56a060c1bf27464aad9e19dfe862c4beca62494f788530a5fc9f7468b1b0889d3e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5S4C2266.cookie

MD5 fffa476b030bd511179d17df1fe6618f
SHA1 cd5cd774089c675cddac5d7945a6b9e44cd35db9
SHA256 86122a94df0a164dbc08bedd8575723aba2ed2e9947993fe7c9946e0e11edaa3
SHA512 c048bb7a9d5803218059b5a97c3de9ebff83c668460fd80f44e1f5e6d619f02a110fb6d75c769d4f520ff006466c9e321fd01dfc6afca38a2b7c6b50d200df02

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1PYDVQYK.cookie

MD5 b392324439dc4dc10a70686df1a61dae
SHA1 8f41d29f50a2efe63ed03ce544c3143a87724bd0
SHA256 aed0eee005c73371a74a7988c0f277e58c11570583093f96e95d100bcd009dad
SHA512 accba72424b7fa92f383680be1813e9f6c111ad786710b14f12603670bb18da16ac3da1729ff3fd75b69651f8fedfffab348bc29d3012aaa38668cec48317f75

memory/1876-151-0x0000013D224E0000-0x0000013D22500000-memory.dmp

memory/1876-162-0x0000013D21D60000-0x0000013D21D80000-memory.dmp

memory/2084-186-0x000001A6633A0000-0x000001A6633A2000-memory.dmp

memory/2084-192-0x000001A6638A0000-0x000001A6638A2000-memory.dmp

memory/2084-189-0x000001A6633C0000-0x000001A6633C2000-memory.dmp

memory/2084-207-0x000001A663D20000-0x000001A663D40000-memory.dmp

memory/1880-322-0x000001B4D7320000-0x000001B4D7340000-memory.dmp

memory/1880-326-0x000001B4D7790000-0x000001B4D7890000-memory.dmp

memory/3132-351-0x00000200AF000000-0x00000200AF100000-memory.dmp

memory/2084-357-0x000001A665A00000-0x000001A665B00000-memory.dmp

memory/2084-362-0x000001A6647F0000-0x000001A6648F0000-memory.dmp

memory/2084-358-0x000001A665FF0000-0x000001A665FF2000-memory.dmp

memory/2084-374-0x000001A664A00000-0x000001A664A02000-memory.dmp

memory/2084-414-0x000001A664BA0000-0x000001A664BA2000-memory.dmp

memory/1880-422-0x000001B5D8480000-0x000001B5D8482000-memory.dmp

memory/2084-424-0x000001A664BE0000-0x000001A664BE2000-memory.dmp

memory/2084-433-0x000001A664C00000-0x000001A664C02000-memory.dmp

memory/2084-442-0x000001A664D80000-0x000001A664D82000-memory.dmp

memory/1880-440-0x000001B5D85F0000-0x000001B5D85F2000-memory.dmp

memory/1880-445-0x000001B5D8610000-0x000001B5D8612000-memory.dmp

memory/1880-452-0x000001B5D8620000-0x000001B5D8622000-memory.dmp

memory/2084-535-0x000001A668260000-0x000001A668280000-memory.dmp

memory/2084-541-0x000001A668600000-0x000001A668620000-memory.dmp

memory/2084-546-0x000001A668620000-0x000001A668640000-memory.dmp

memory/3348-571-0x0000022537860000-0x0000022537861000-memory.dmp

memory/3348-567-0x0000022537850000-0x0000022537851000-memory.dmp

memory/3132-586-0x00000200B0000000-0x00000200B0100000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AIBAJT4G\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WF014T1J.cookie

MD5 0e1bb420fac83627fe3cd8debe34b445
SHA1 6016d6baf397211b001c83ba6afa832597c48744
SHA256 19af229ae68bdf1f032ea14762399631a46cdf69514bdf41583f465629421035
SHA512 8d54d45b7d8b4c52f21707ed952b8b53f25692c3144d6c21da6d22b369cf1eb7f507eb90b803ff3b205deefbf450122e0c95308a2222b26469fd07bba7e9b519

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c5af5f34be66b2211c72cfe26b21dead
SHA1 ceaff0a8e17ede5949dd76e71458e1142fe59375
SHA256 d14b20b43331cd0493e3028cd9df26d3bac74cd576558fcdf5e2250686ddb56f
SHA512 bb3d0920e04c20a95558f9fb17c2f4e637ffa6ff165ddce1f6600ced61752ee9b16027b5a547ba7c996192834f130877f21c3bd879ebfcd778acf8283a9e1f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 45191f6c05d47148e4266d7b90c014d3
SHA1 0a84709f4b06ac1beb8513fe62e4966ae0d764b7
SHA256 0a340e44fafb55868a809d5785809ab05d5b55ac447d869da8814eb410f55170
SHA512 6d6832cdb5415af5594e9108b211030d36e71ce3d2b3cf5307c8077e30a0b803d4293a1a9d8e3944d76c3d9d35576868aaf058a6bf3534de8c91d3e06c65d02d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 0ee2cd5b83703390655a8e48008635a5
SHA1 fe175cffde7e9290167edfdfdc33a6e1cb25d19e
SHA256 2a2ac6d51312c5359c2e90562793f25feaef7455a0a51f66d612c29cf06074ec
SHA512 ac56c76ab1e6d40efd5b1d6582dab1f7b9bbd3d371e02261a2cc50d7bc6f8551e8fe1eb9d87f13bab210c0a17bff2b98259e87a2cc0388b80015a6cba5559aae

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M3OAW73B\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\cnv0xxu\imagestore.dat

MD5 208f9dbd015d9ee677d7bbb1eaf2728f
SHA1 9a1be5aa06569fec89b81d54c901701b2c7e8b14
SHA256 b51de12ef4315259d12a0e896cd0ba66445278eaba817c3a9a9651742fe61047
SHA512 3c425a7bd240bdb5379c4e2e286b431e061c131a4b880866546f3032819314f2ffe36694d26da27f81977b1454dd0e477b573b13ad0675eea0b0a2a2ed8e8719

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JMUCDLA2\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/2084-798-0x000001A652AF0000-0x000001A652B00000-memory.dmp

memory/2084-799-0x000001A652AF0000-0x000001A652B00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 80f7c82a8c19395593bf8fdfd77e6b3c
SHA1 5beb25c739b0238cda2b50d458c146e1b12a2f62
SHA256 ee1a961015777741ccb0fc22524937b7686df21f0d6e00796394b773c2034a1b
SHA512 b074e3a9dbdc464ca469525265780a059f0d583f6e489909c6daa980ab06d0fd2ae735aa06dfd2e8148e6c40cbb043a314426d25a191d582893d132daaa252c1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 45fcadeb675cb02c19ff1dc8b8c3a0c4
SHA1 748ed7ae82ac5e758948d64c02ce4c1d7fa7b011
SHA256 2e554c665ad9fd658c2a980956b1f5c533535aa22016c017432ca4b97204b7ba
SHA512 efff74402c22b3a95f9c244ccea0e35696cf156ebdd2f81a924eaaebdbf9e47d72ca8650afef20aae1c96ee07cd38ea455155c7f9d52c7effea2ead2bf385eef

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TKSAWYBO\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 8672f2b72b88e9cbd7a54c4be1f92c48
SHA1 592e831ade6a49038005017d885f63fad65b113d
SHA256 4e2b990487a8eadc49a9eb57106fa2661420d56cfb3a31f2405ac41274169736
SHA512 ddfba4cc4f8a8259010c306fdbddc57fbe58727c9c079c5692dcf5785303a1c3838fad402d55737d0243a02e5edd7e741ec6aac6e9895e2bd981802a8ad4843b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 f1084139ff6e5fc412506b98f1d498f9
SHA1 3c3a9578db3ae3e872e09de20159a4a244cca5fb
SHA256 2f4b9d100531b4781305daa532012b854f50b0fb370231b7f6573d084582f661
SHA512 1682f09017e8a7f735629d19c396129ba42b514cf3b02fdaf73efd5569cfa9f2d0a44b97addfc9406fc58b21166b32bc1de337ac04f1b5afcb764866d72a784a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WFZNQZ1J.cookie

MD5 28f40283cb34980e9a6a32a017758c34
SHA1 674a5608f40c7bd472364d8c5c2fbf369d86d5e8
SHA256 8c798853d954b8cfbda1976c5bd5d7f89f35caa1a173d39f139c600852a0ad3a
SHA512 10fb1d605fecc8710475bf4874f527306cf9fd3a3478cf178c7efda3dc0808a08107704320a15d4d63dc835ed3634352138da760a38c0dc64ee2afd2453e8e4f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89006CZF\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3AIMQMP4\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9X5HDWGQ\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A15NYOJT\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3AIMQMP4\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9X5HDWGQ\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89006CZF\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A15NYOJT\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3AIMQMP4\rs=AGKMywHTaWCUsKtm5JqwWC-A6Bzf1VZM2Q[1].css

MD5 40eaadd41ec9b6881783db669355f142
SHA1 478eb57c00351f8929f763c9ae75092478d1bd24
SHA256 0d0f867f9d727435861ecdb5bcd2152f42f72977af36bac32cb5baf7524e2400
SHA512 7f5e0c57cba7aa0558e07b527da3839932cfa32b5bae49f583881a4072906a90253bba5fa475bee6b1c1d5646d47075ff57b82280c01277cf0a631ba76fe8cff

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9X5HDWGQ\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9X5HDWGQ\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 92a43d1687610c476da12e7aaf93c219
SHA1 3a4dda66f5bd14b8e680aab8597d9252943ce93e
SHA256 d6cd22db98507c28469b80c7c0341a32500fe6bee4df36a334c09cac44a8f91a
SHA512 9b5bb7fc1c062fc9c723c8726a3ec0a5280c6bc61d866eaf08094ecfaa8d4a25c8e05790a10d6e9f5d5f233faffced86d765ab48183f8bc89448acf10a6897e5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 bb7a5514bc24c1d437bb0f0a03d8c5d3
SHA1 e308b962d71cdcfa49f68dd2e5df695eb50e665e
SHA256 a60a90ee8ce6bed3e2a532aef2c5e092d4511d5c89f1746e0cecb79f9720c448
SHA512 4f5a13f8eb0481d46c34b4ddc7a955e80e71b9ad00dc73c0665aae5b6acde5d00b886fa313245bcae0b7bdd9554adfe2d83fc4a521f17b2f8115495d6c4f9095

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A15NYOJT\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89006CZF\desktop_polymer[1].js

MD5 5a63715cf9a753c1262be4f883c9dce8
SHA1 7ed5a30fc39ad757e7ae2e4be85917965890c3f2
SHA256 2462ef877b510b24797947a1b922e973325db38f7fd3828c4a0131326a14bc2a
SHA512 9517b9c902ac9b46d4af6efa642f5a8433a498f72c411f0f3969e511986360a12c9abee2f407fb3cb640590a8048551cbb092a896aba982bc3795155ec330e9d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\89006CZF\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c
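Added example, not part of the report: a parser that turns the Files listing above into per-entry records and classifies each by what its path says it is: a memory dump, a CryptoAPI URL-cache entry (CryptnetUrlCache, written when Windows fetches certificate-chain and revocation data during the TLS handshakes in the Network section), an Edge cookie, Edge cache content, DOM storage or the ImageStore. Every entry in this section falls into one of those classes, i.e. it is what an Edge session visiting those sites leaves behind, so the hashes identify Google, YouTube, LinkedIn and Facebook content rather than the sample; the export function below therefore returns nothing for this report, which is the correct result. Entries are keyed by hash rather than path because the same CryptnetUrlCache MetaData path is listed twice above with different hashes. The class names and the residue rule are my own triage heuristics.

```python
"""Classify the Files entries of the report and pick out hash IOCs.

Added example, not part of the sandbox report. SAMPLE_FILES holds entries
copied from the Files section above (SHA512 lines omitted for brevity); the
artifact classes and the "browser residue" rule are my own triage heuristics.
"""
import collections
import re

SAMPLE_FILES = r"""
memory/3348-0-0x0000022530D20000-0x0000022530D30000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 91a32ee351527f5652982174abce61f3
SHA1 a547db0fda6e8eb50dbddd6c5e909504f8bd8be4
SHA256 12df0f46da2c51ee4e161d8e21359dc8c777bdcaeb0b7a9ed18df1a5982dc011

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c5af5f34be66b2211c72cfe26b21dead
SHA1 ceaff0a8e17ede5949dd76e71458e1142fe59375
SHA256 d14b20b43331cd0493e3028cd9df26d3bac74cd576558fcdf5e2250686ddb56f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9X5HDWGQ\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JMUCDLA2\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# (label, case-insensitive path fragment), checked in this order.
RULES = (
    ("cryptoapi-url-cache", "\\cryptneturlcache\\"),
    ("browser-cookie", "\\cookies\\"),
    ("browser-cache", "\\microsoftedge\\cache\\"),
    ("browser-dom-storage", "\\domstore\\"),
    ("browser-image-store", "\\imagestore\\"),
)
# What any Edge session visiting the phished-for sites leaves behind; the
# hashes identify provider content, not the sample.
BROWSER_RESIDUE = frozenset(label for label, _ in RULES)


def classify(path):
    """Map a path from the Files section to an artifact class."""
    low = path.lower()
    if low.startswith("memory/"):
        return "memory-dump"
    for label, needle in RULES:
        if needle in low:
            return label
    return "other"


def parse_files(text):
    """Turn the flattened listing into one dict per entry, in order.

    A path line opens an entry; following MD5/SHA1/SHA256/SHA512 lines attach
    to it. Memory-dump lines carry no hashes. Entries are kept separate even
    when paths repeat, since the same path can be listed with different hashes.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if current is not None:
                current[m.group(1).lower()] = m.group(2).lower()
            continue
        current = {"path": line, "class": classify(line)}
        entries.append(current)
    return entries


def candidate_iocs(entries):
    """SHA256 -> path for entries that are neither memory dumps nor browser
    residue. Empty for this report: nothing here is a payload the sample wrote."""
    skip = BROWSER_RESIDUE | {"memory-dump"}
    return {e["sha256"]: e["path"] for e in entries
            if e["class"] not in skip and "sha256" in e}


if __name__ == "__main__":
    parsed = parse_files(SAMPLE_FILES)
    for label, n in collections.Counter(e["class"] for e in parsed).items():
        print(f"{label:22s} {n}")
    print("candidate IOCs:", candidate_iocs(parsed))
```

Feed the whole Files section to parse_files to get the class breakdown for the full run; any entry that lands in "other" is the one worth hashing and looking at.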