Malware Analysis Report

2024-11-16 15:55

Sample ID 240215-fenw5agh4s
Target 197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb
SHA256 197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb

Threat Level: Known bad

The file 197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 04:47

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 04:47

Reported

2024-02-15 04:52

Platform

win7-20231215-en

Max time kernel

97s

Max time network

288s

Command Line

"C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E9A1BA1-CBBD-11EE-A031-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2152 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2152 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2208 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2208 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2208 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2208 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2680 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2680 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2680 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2680 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2992 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2992 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2992 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2992 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2152 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2556 wrote to memory of 2396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2556 wrote to memory of 2396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2556 wrote to memory of 2396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2152 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2152 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2152 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2152 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1676 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe

"C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6319758,0x7fef6319768,0x7fef6319778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6319758,0x7fef6319768,0x7fef6319778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6319758,0x7fef6319768,0x7fef6319778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.0.1474569239\1049781577" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a07f39-912c-4e0b-a2be-0b69ba4cd968} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1348 109f9a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.1.620003382\1726204034" -parentBuildID 20221007134813 -prefsHandle 1576 -prefMapHandle 1572 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca49d827-fdc9-44b9-b02b-2468ba112dbd} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1588 f6f1b58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1304,i,18240055484415207217,14943857526926889553,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1324,i,18226900998245820617,18167112101035142356,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.2.113704446\1023262951" -childID 1 -isForBrowser -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d454eb3-4638-47fe-b914-6951216388b6} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2388 10966658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1304,i,18240055484415207217,14943857526926889553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1324,i,18226900998245820617,18167112101035142356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2692 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2656 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.3.794831478\1474450735" -childID 2 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed5937c5-06f8-4d43-bad1-c9eaee37e0f7} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2820 1cbb6c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3516 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3560 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=832 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.4.797789564\1262714437" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1018b03e-6100-4aad-a284-edc639b418c5} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3748 192d1258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.5.1073987057\1647016180" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3952 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0edb6cba-9f8a-46a6-8335-059cff84e570} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3860 200f5858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.6.871346991\596848487" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3944 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc82d24-2ce2-46f3-b41e-b40ddb3dddf9} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4120 200f8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.9.609426709\1246444837" -childID 8 -isForBrowser -prefsHandle 4424 -prefMapHandle 4428 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3473e2ad-5deb-43d0-9d97-87b5e424fcc9} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4524 21461258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.8.1351248684\889150718" -childID 7 -isForBrowser -prefsHandle 4436 -prefMapHandle 4440 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e37873dd-bf85-4d44-875e-8baa0d14e209} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4408 2102a158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.7.1337940471\427324518" -childID 6 -isForBrowser -prefsHandle 4308 -prefMapHandle 4120 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a3121b4-acc5-4946-9c62-fdf3345e3312} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4320 2102cb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2920 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.10.1030081260\1869526707" -parentBuildID 20221007134813 -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfcda705-4498-4507-bb7e-40aad85043c1} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4880 13566f58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.11.1501233884\844021449" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4888 -prefMapHandle 4992 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d793e36-30be-4b05-bbc2-55a791128ded} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5004 10965d58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.12.1550051455\2104119018" -childID 9 -isForBrowser -prefsHandle 3448 -prefMapHandle 3468 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 760 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c048e2f-4141-4e68-8cc4-6662c984c0d4} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5156 20003e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1376,i,16850477986462171051,1747675917879163218,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
N/A 127.0.0.1:50187 tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 rr2---sn-q4fl6nz6.googlevideo.com udp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-q4fl6nz6.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-q4fl6nz6.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fl6nz6.googlevideo.com udp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 8.8.8.8:53 rr2---sn-q4fl6nz6.googlevideo.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 rr2---sn-q4fl6nz6.googlevideo.com udp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.39:443 rr2---sn-q4fl6nz6.googlevideo.com tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 rr4---sn-q4fl6nz6.googlevideo.com udp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
US 173.194.57.41:443 rr4---sn-q4fl6nz6.googlevideo.com tcp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:50199 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 play.google.com udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.155:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.78:443 google.com tcp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp

Files

memory/2152-0-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E9C55F1-CBBD-11EE-A031-F6BE0C79E4FA}.dat

MD5 4d883e1cc092df9485318590620aa49f
SHA1 4a1a8b081272ca94c5b46852b24f1ebde22a19d7
SHA256 6eaf10fbc599090e53456e90c08dfda48a2d5f12e32ebaea558d7c91f59661f4
SHA512 f42818869a33c4993a888308e782eccd9ca1a4e73ceb1d3abb5c0aed3f4203f78f065faa319ab783128f97341169efa1d64cdf25b51034c279bbb8da28344b82

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E9A1BA1-CBBD-11EE-A031-F6BE0C79E4FA}.dat

MD5 4d3fdc5a2e857c19bc85787a4f0ce1a5
SHA1 691de874d730bddbcb681e2f2c676b9b3706dd89
SHA256 174f1aff58d64d44b9ec26a53bb8f7724686142c5486c0647e46f2dfe855c28b
SHA512 763148967956518446ceffc7ec340ad8030a3ba85978368284cbbce1590fb127b5450d011ac397d3c59dbf44ac204c593fe560bdded24a0ef450c9aa5a30957f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E9531D1-CBBD-11EE-A031-F6BE0C79E4FA}.dat

MD5 efa1aea3b1f046b703bb065f23778db4
SHA1 5b6dff86b39a887f1ba3f99340e57541f9d657d1
SHA256 40fa29bdaf903b0346ddde67a9af6a82a26a920f5b689c10a7dc709a22538c06
SHA512 5e6e5e9f49ab3f7cc73191656f2f9351edc876bd0176941047a266f63d44b1a66084f1b37185e726e105d115a209f134981ef902350115bfa8468e0ea71ac588

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E99F491-CBBD-11EE-A031-F6BE0C79E4FA}.dat

MD5 e8b2ea4aa9ef8ffdad073b05ab36c526
SHA1 366731436e6d0546946388ad99986475a601e97a
SHA256 34faed5f1b75ff68630406a1065557f21e1e2a3663fdf3318fdae7e956a8a0cf
SHA512 d67fcc286ee2186dc35b6e8bc12abb34e9d98c99f24bb289a86232f479fe5b6fda6c238129d5f1426d1603d5909d00e2ee8563aeda682d9dcb9aafda106a4360

C:\Users\Admin\AppData\Local\Temp\Cab3535.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar363E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8410addb22190c066eceab36b21e7eba
SHA1 36ee78dad1a0d4afea8a6875586ce06f443bb67d
SHA256 94a17cf70871816b6ebd6c7aba0cb4462cf32677fc90adb8f23da4075894d623
SHA512 fed85450d57156ab2815ceea481d0786e9fb0926fd143fb6d48fbafa2d231b59bac479c8e2dd22daae7479ca2554352d96bdd288e993e08effe4284b4378a1ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f35f0f62cb093996f4380070b126f6a
SHA1 cf2ec448784fc25c707230d8fc82013c7e62eb42
SHA256 917f8ca7fbaeed1882ad26c940adda16fe95e9a0e460a6963da8eebb958f1280
SHA512 74b795381cf73d64fe20f56fcde008efae581a6d3e988bd013cf762d506767175f3f7a0a16a3269f5264962fb6b896dbabf6587227bdde6c446ebd74145de972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 486aebeeb76a792eeaf8ab052521a435
SHA1 ac8b734bc9a5afb32cbfec95387bfa655913a323
SHA256 70074beff23c35473462d486e1162bce89af86dae5123b6aab7bfbb6d9bf8e61
SHA512 5da5c0f18cd8b3e6233adcce9d97b25f5842ba8ed503c3b28b98d6c417ffd6f59f3375309ae2ac2fff2670c9cb547b5e465f0063ccd66ebbe61e17347ceee2cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fa7f47355e14458254e96abc179106a5
SHA1 d7a0fd810152cf23e2ec5450743aef8535713267
SHA256 0a204af809ce8a476a75868f9027af838741c08382721877c438438032c8c26f
SHA512 73ec24122ed6df46edda687438e01267910ca6ebc820d6ace907d2edac74324b1cfbd3ba5b2720ffb85cef3b9d406473c1a087542d3fbb6a83cc5d84e6dd6311

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5b2f5a053efa69d303f61073d9217134
SHA1 eb9b1d76e45dd372ce0f6e3cda29737860a8032c
SHA256 f5e93fcdf68b493190e54bbb7560b3f07ca989513c95d6a974cbaa85cc4c1080
SHA512 8abdf4213ae9fb7b5d50ae049cc893b28bd5bee8c1c43572b634d1f26b3392c180c6c64c34a5ef3ef50ffe07fe0e603e36b7412fd64d37fa2b39e64f8df4696b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f002f565d086778ae523192f298cc258
SHA1 303c20a0292105842a24b961cd8c4023df556817
SHA256 cc394eecc8a0a9ad908833a1f6bbd3f02f116cbb766cac38abd77624ce18c15d
SHA512 0bb8e77beb8085e0cb2ee6e068ea0dca8d544579351b6060c66975e1c5b13b6eee149167c595ff078513ce067a12bed9db56da222382d7baf4d2c732a691d48d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d7527e2786603625aa0841736d8bf6a
SHA1 390d241277d771989e1e0e5a8059f85d7c5151d6
SHA256 95da5fc31838bc50314e3753f9a357933ef0245cb653061b01a41e60d973d765
SHA512 fae014f25a30520e00c4dbe4c2eba2de283b701751f0b8d8293ed70720c8a728d329090d7cb08871cecf8468ef67d1c689f8ecc36b68551c2f4e2e35e4425d17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 888a693558271b6150f0aa61908e451b
SHA1 79488c1d050955542cd8c0b7dcaf137f0713a080
SHA256 3fa736c3b93fe8a093dc783287f4ed7983768211d742b147f4296f0230458918
SHA512 fbc5da5dda88e95665304afb820961a508266169f2d291da74d1528c62e6db2d98bab5a676e094e9dde802f578bae0097309e2564c3a8b5a95453ce366844d61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5a20a1ed376377fc25c3ff8515903fd
SHA1 0ec2c3472c7e6641f80b54d5a344ceb665c8fd91
SHA256 9e6820abcd4e1bdfe37a69aa4f6fce7aa820483fe48981ff663ae054cef9e231
SHA512 792e4c3f5973613bfa6143bec93604615bfc0cacdb62b237a514f0397d1ac23dcff988c0482da2d4c71100b73046ccffb01b1ca199c5873323906ad7d1a3cf13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 55318a43167533a5cdcf4fd70f4c6084
SHA1 a80db758ff0eb8d1a88d77eab7b593d7bf6454e0
SHA256 ce40b77513061d591f2a0f58fdddb6986494b82707eb68a806e6ccdc24d38966
SHA512 41336ea2789bdf89ff359dd34ebb8f9cf9a92d3d28fa2d158d89e19d104605bb929715fc93ccbffe7e801d15edddf00e573ec34c67db3c60444d9d6371a02176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7a2e0866c7f6629f80aa0584a8266596
SHA1 c3d1341dc7d12b13dc88232d6bc55cf62e1d1609
SHA256 06a450f1b17d404856c86e2548dd707124ad8233298238204b425f9ec3013d92
SHA512 007a87016e4ab9a0978fc616181f833daf4e2d5c2ee9de203d55be65bff5c400a84d232cad539403f11d8e76c03126084282a488ffa44a59341633b2caa8c38a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d01585b3bab7df5e8ab9f6244572d2e0
SHA1 b600cbb6afe78b30597558ca993caeacfd0db96b
SHA256 eb4afd19a6780598292e0189b89942e82c752cd2430a83d682125a32c6a50480
SHA512 d2dc4632f41229a394055ded0cd171709880a2b20628fce43f346198f5749982d401c2782fc673547881038023a669e7c962bf793cbe95faf1dfd769a364018a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ad383afc65d2a128f155636ce299ae58
SHA1 c23c8b36e0adb2c734476ea604342d1aa4bc731a
SHA256 7559abb4fe269fa2e0f43483e1c02d034c5d72c74ddd665ef6ec5232284ffe4a
SHA512 fcd3cb4fb215688baba69b217d62af01f9ab6a7c7a07c92288148298332dbfe87c441307296cac714f1ac4d188e97736fbd90e5de6736c90d6299d90664b1549

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

MD5 51130d9f1d2902b87143e1f305df1208
SHA1 f676d96c84fa47a753ba0c5c01c6917f91985ced
SHA256 284562ff942320adef607fbfffcd4e4ba4eea5b173e921c71ded892a8ac46173
SHA512 2c0826bcf2c636c203589d28882ff60bf41e0e25a5996bfa148145858e285c7d989b09ff6591ad9586b563e6ff592c68a4eedc6a435b5aca47e73b3185a53f60

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3O78GPT1\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZHLNR0VP.txt

MD5 be2e68390a7206ed748cf57d8fea0924
SHA1 12d30b771c0eddbf8d71d03262a32ec53ed74859
SHA256 d5fe994b144a19d8de7e4f0ce7aab126e5e592ca7140d4d6adc0500e90a08cb8
SHA512 211f696c2f9e626d2e950aade9ab610e71b2cf477cfd3f54f7f7a7fe8c8682cdb2aa2bc47f684e5aa9c60e5ac23af0de69adf952190f8034bf6d80b320b51626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 2687779929a740a1c2eea4fe9c5f92a7
SHA1 87d99bacaa9d88ce83a7e8ad5d63fa837f014b0a
SHA256 c0d4e851c70eb7cec9a59ab4bac04795c1c93ee594b764c6e81da69e6f31636d
SHA512 9f1eda9801a95899a18b25b44f160948710d91a2cb10a6f7e5bae0d8d12848db069ec148325d011d3354424ba60e3955f044d55e861f955bf5a6b534b4b0e23e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 a49efc00b0c2133392333d5b9fdb6eb2
SHA1 3eedc6fc572423a52030f205e39324c16f86f468
SHA256 1849c9926b6f556b1c45b114b05f88663c800ad28fb0848032e634f1ce9a4a3c
SHA512 1653e3c591143bd8457297f2f05e1a598f02cccccc728a926ce1440ef11ec2e8fe9ab40125d4dfba68feb70168cb4dd77750d06a73ebf750d80338ff4a0f79ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\favicon[3].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

MD5 b038c38c33d95cff2b22bb97ddd703e4
SHA1 73af1001744b7a5a98e91b3306d4bd905b2da073
SHA256 40627bb43a8f710cd1607adf89de1298ace84d2f80febe67329b9795a6c79846
SHA512 2795740dd93dcf8ba8ed1fa60c4ba792989688cc3d5503bb1ecfb3bd3bc4e31740e12919d37fc3ba92a9cd2076c4098044b5bee4313b459752b01535e42f4a78

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

MD5 6383603a50510650fb156d3ccd50dda7
SHA1 d99ce4071b6bebba53941ded6eaf01a4c4257cda
SHA256 62dc4ed54457ed37d5782e35f0b651b106a014a72ec43a0d9fb4b95d360d16c8
SHA512 e5ef360844817a245ae18deb9336298966824d0b430677e673923362296331bcfb78298293102c59e4915a9b61176d550acbfd6cdc19477aed693b97afab9601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b637b542990ef7d06c50356fceee7e7
SHA1 b01aeebb6633ec841295890b5ffde938862db71e
SHA256 ec18cb33bdd277b61b238d87f667983873f1793eeeb9d38828e1ab121e95f1ef
SHA512 44989e6d535f460cc61b520563590a84b0fd7b7edb0fc48edc95490ed9c4988e1c3b0da19e51d300c12e663a3f16b4f96dc3ca675a9bcd989f50e387ad63c922

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1b40b452a8e1db50469fc4189fbcd6a
SHA1 5c98308f9877dd9c47ed2cae5b8e696782a1388c
SHA256 cc0cf369f2d640c893e7e90a080f9c5e26f48185ddf19da1375931b16c75df65
SHA512 17a14ed7794824823d4a0679a6422276cb746909cc68055103fdbbbd46ce43dfb7b93dc3a3eac65a9d4fa2ab3589e7c37257d1b57f603ea1ca9c58f42fa2e167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 817fdad58dee937d8d33479e6b3f2ce8
SHA1 f8b9c54fdad7ed2f4f77db2725e699d8317ac489
SHA256 6daa45684bd6e662e8c88a69ab74c477fd2a13cda2a7da34237ed92a7c790139
SHA512 5e996aa3e21ef30a046180a50c93dcf7f52d4f7a126c5af5794e95650b5b30631167c9b52a877a920365e0a830657c8cdaf0f84b858925f7b5d64b5174d43a34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d1bb6efcaada686873d7a9c025eacda
SHA1 42e46d89374fe23211df0bfdbb1a1b56bab52cf1
SHA256 b53cfb20a163f4612591f5651555abbefdd97be1fea547208a3d3cc2aafff3f5
SHA512 8f642c2ebb71dc6cdf436c2e0c8a841c7d400f7efff8b42a77fbf4c15e5b1758bcfb1c62f33d4af262047e9fec4b0a37ed3e81a7bd483e49f4e91f7c83722c17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ca37b2d462812041bf66bf02cfc4a74
SHA1 982d11d4cfd74719118c8e7de221866a6a6cdb1a
SHA256 69661335ad2885a6aaf224b2a3b4540027ea5f38d9061501e01ec692e7333276
SHA512 9fd3ea1e5e36f5824af2c3bba0de90fbb5cccfe2ee5c1aa036251ec0ffb250f910a701bd93e06995061f1d6e0a55480acc45724141bb06d959bb5e8a6e36410e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ba5720ffc6048191fa57dc5a338a5a0
SHA1 352d23ae2a2cf0d9505ab9e3ec1dce5fdfc668b3
SHA256 c0256cf87ddceba055acacc40afc9c9a7ef612dad4303120c692dc91ffdba1cf
SHA512 269c4d387a8172e83d55ad3d1e7c9c9269c4f09d40a06b04b202b425cef40739702216c812b3599ce0610e5cddcd1c630e9ef6f01223aeb3e68afe65eac7b22e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 becbe1ff6b19fdf44357c0ddbae51ef1
SHA1 902feba86157b0761a206f88917481ff7182b7e4
SHA256 5094abf60b79f73161828154c547c79495bb7ba6403b37eaabfdd96d6614c63e
SHA512 c33605d561e1b99a5a4e0c4e6afa50b01dfd085615ef7a8778eb8fd09e5b3a9e97e27726e5e74e1368b2ff3723a109abfab2834c9a14ba5233f8a1a6753d27b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8895d82b3773f8be566430723ddcecba
SHA1 8615858cb9bd5816801c466fb06ddc851918ee29
SHA256 f261e69540353d42c32f0e316121934d41b723f8dafd004c5788aa468d5f9008
SHA512 4de52300d45cb8cb8e5cc16fa93f83a9fd9bcf08eefc71ae1ab8086d16a02807e18d852324adc004005d5b90ec62f99cd6e82f2832a3eb6ecd1e3814624e93e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6040e44ff88f2c4de74e7d10bf876bd6
SHA1 66017126939884fc1031315230990865b6343113
SHA256 c86ab3efb7f9f3fdd067c7d82bfce8669e0decd5f8621a729b9018cf39708326
SHA512 b57046b1a0c82e7c55e772bac8ba62da058b21377152c67aadbf0490f4b85d6ebff8594522099f951932bd2ed546c617b98d9e4dc0661c7c394c6183791efc6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f700ac085b775ceb26d9bda31065989
SHA1 d75d94b4a678d76739b8e8045ac7fb8869ab590f
SHA256 a7ef4bc46e299b7aea8efa21d0ee2a5490f3dbebc367ded83f529d2cecaaa5e5
SHA512 7e0521c2ca0abc29d473fc3b4ee6085ed8c6db86f7da674bc837c9f15112c6f92967373b2e696615b77a1aca29c358f0548ccc2cb27b2ec23c4e3d9512612a8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e1aa521d7d5a2bf2828c4afbc8764bb
SHA1 5b780fb31f4f25ec70d5b1adbf2d43d706122e80
SHA256 661d459d6d60f1652aa6a462afaf9761e30e7141505db61ed6561c95c525d564
SHA512 e48255b8cd74aaa93280cae9e02f2ef62683c3ef5a98683dff9c21619c7296a652c0331372ec4e2bf50eccd54b6f7cf15846b1726415163584b2fc2462255ff1

memory/2152-914-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c6969b129900fb90d31dab364862d870
SHA1 456ceafc86e70382b2070382ef2e42263cbbd927
SHA256 0871a5dcfaa91de843fe3ba6daa4b926de5f84d9072219846df043221439d2d8
SHA512 8ebf456bf06ccf59ea3cb6e508429a7b34e522009a04876288c83985a0046c738fa23786ff6e506d7a8b82ed8a4b61cd741ffd635f793cf4761d789aef57359f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1564_SWMSNBLVMIYZHPJW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9d66542f-7696-40ef-ae5b-8e25343b6457.tmp

MD5 d388a9bf4765b9a43f5bf6357867fcc5
SHA1 92a4b9cce79ce4d0e1b63c4012f7772e378fcb13
SHA256 666501e78b8b75a4fa15e3a97064b357afe48eddcf5bc1566cf4a7672c92d4b9
SHA512 ae2f0d95ac11f99c9f4f7d6831bf49f06b3f5087abc479c08fba13df83aaf346e05c522733102131f56f1e5a5b912207c692cba6e3cab8042f9c5bd8c2e34b59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9395abb1-1204-48a8-8048-bc61a13b5100.tmp

MD5 8a650ad57f8c3162179835bb8a634765
SHA1 b9aef63980f661a9c974af965e3b24524d75b072
SHA256 aa1a9d750adce5b02d9cd8b6c276b4d59ab8472df952fa7625c5fe1868ebe93e
SHA512 e1642ca63742b93e506772a7c7c03eaa7c24ccd7ff312825df27c41d3c2e35419505fd9ff86ba42e9a5c4b99df769bf913e0289127822e5d9620d82c3a45638c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 2ebcdd2bc9d83081ca17915492ca6505
SHA1 3e68c501ae94b73e7251c16be944ee89d7b5dae4
SHA256 d3945ab21fedfa8fd90a48ef442b59756fe1d85a3cb2401d9b074d2245e1dd47
SHA512 a8ab2e08156112a194427f92af77be1db9a2eab7c47b661e5faf32abe6c0cda5134d8bf0f2bc0b36462b96245c47c417754688bd78e4d45c1803045e607307fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 6689910eeafe77784b48559cc078f995
SHA1 70fab9da18af0fe3f64a72469215aafb97fae7ae
SHA256 f50bf7ba4f89e79d31b6a3590defbffc68a4f49b337e127647c85b3a07f6f90c
SHA512 93652d2b864c9fc650b0605c4ffa791ba89e0bda5802f58e16b941bdb99e53a057ca8c8358f0e3277ba0ccdcd9ca2180216479907eeac9e9c8ffae3d92f4d456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 1a315ef868f202a2a67af9a66de60649
SHA1 cb867568f0d7f6804e90eb950e02b50a729326f2
SHA256 0820120df4a673a2a595230aacc8982df287b95fc5b92d349d91ab04def8acb5
SHA512 8d3e1ebac71bf49d17ea887fc8deca1383a4ae9817c113e697ceb2174b612600f81aa3716ff2e0b91cd2da8ff38f7a7b3934c73a0d3a587b9a2d7943b516049f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cc0a33751c501a3dd5b87b8bc88a26a4
SHA1 555c512baf0ea6ba5ef723ec56c9f5f808558050
SHA256 7cd6ad38c993ab2c12ca9e011db77c73c96136a87e9e6199a3c925e6db83e58c
SHA512 0dbed4eebb2d0ab99cbdb36c96d694b52888bebcf35f07016fc85d66c5141d96c1eb4109708c5f2075bdacdf922cf2e3dcd75eb0fe51970468e106fdee5d5e11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 757c0262f27420d8cd8f6e6dec01bfd7
SHA1 8d267bd8f39a0f4ebcdef54ee52ce304918e863f
SHA256 1546e1f2088ff877b77ea45e15248318ae911a1b016b0ae5607e69a1b0c2b7b1
SHA512 c0b63d16c25a41e6e60c9ff7312408ffcd8d96edd040d7aee84d0affd6cdef6b4742a7fe3183dd89220fe753eeeeff33e2db3a06bad669e3b7922c47ca2564a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_59A516344C9DC5A685E0396E8C3E0A04

MD5 55446767317d9ecea7c004b8557eee91
SHA1 221e938dcdf40405102919312233bc51b66b290d
SHA256 8b387c608ad933a7bd42b79a1ef55d42b823128fd9c5052013dccb1723855a64
SHA512 a2336c65ab778f985cd31bee461d782e8abac3badcf4750ce08e3efd8783b4134371685147a55526ab8cf5e907927373361bccd56163bc89dd0915b61a9298a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_59A516344C9DC5A685E0396E8C3E0A04

MD5 2843a1899cf51414aa6480a3e688e132
SHA1 2f4a2496a3d068c451e1d35c6dbc6c160a99e96c
SHA256 b4af9ab458843ffd18eff92cb96ab08c9906eadb1e60ff67d5dc5b8f3ff1c3e7
SHA512 33aa7e575876e286f5b220d8851c340845f7216707bc909052ab55aa75547ea06d785813712ccf891b60353ac200032eb026a961737b868975a8b7f2968a2df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 a7c238dce25564a46cc7e6d012bf9c49
SHA1 d33b30edf99a1d81e586a5b4026bb5f80762e861
SHA256 f7da1f537687f8ec177eda0626e35a55a14efc8f6a2f2a61ab95c7b73587c61d
SHA512 3b188cb38e372443886e2b3df817ac0860f5653f014f1ff97fd530afad8b73e3a32d5db7df62823b3bf20ae087f3cf967112cfaf6bb1ccfeed995195ff80cfe3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\9a23c97c-e958-411d-9e41-edb75c2a51d7

MD5 652b4f63d6821c90eee07a98cd73dd1c
SHA1 de07f54fdbb56a3e7031b419e32d5d0172975b89
SHA256 f1143f07cff450af053b6fb2de413402ab3e9cfb249500585e7e14e452847dc8
SHA512 97d7f36264c79751437166d58cb780682230703c5d9ac124c70332c0fa12d056ddfbede3c03a7662a9215be813abd6738b1c981b9f151e9b177106d47f44ddd8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\fa91fd1a-57e5-4008-b831-8f257f1564f9

MD5 c933ba19cff54b7c3d82f06d02f1ae5f
SHA1 6048cbcb3081b3baa836a2fea079a3664431f310
SHA256 156423e97e8476cee604ca1d4ca543a30d583c9e5b0898c7b5727f665cc9a3a4
SHA512 338d3bd00ef62529670d98324fbf095ef5646e5c70aacb347132f006507859b5829f85c443fc0f6239f959db7dcd70b083074dcadb639855244461aea2aa426b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\db\data.safe.bin

MD5 f9f57d85819cf1c8e7ad6ab32f6ca79c
SHA1 9acf8b9352110b79e85c0770b692e2724aab8f2e
SHA256 ded303609ece984ac905331b59d4c6207db01eec0e6c3271e3b7b2fd98e1effe
SHA512 53136c20b8faa7af4b460e85d05b7b55eb7e846cb03bfdcb9579306870991265fa45da27f5cbe925b58fcf0ec167a990f057f293a5cf56cc00f9f96434e7c6ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 be1aadf6c82748bad5d680c324e56135
SHA1 0f1189804221d7a26cfab86d023fe7d75ff78e3b
SHA256 250457a4be807a6d8536e57f4a05449a6219bfef351cd07ab85250097090e884
SHA512 27b10aa37046a7220476a36585a37276d6451c94b8e73a98f2cbd75b1c3c3a2fbc1f5a70a414c60e9f2a19f255e7eb82cb23c7a056f5ff869399024b99418977

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs.js

MD5 76ea20d2e77dcd7ea5acadb386348c9c
SHA1 ce6c5bd289c781d3c9d2a099cac80aab09b8086d
SHA256 36da2a3a2e55be7c42dfcc3e2bedaa4ddca13129f9d038b81386adea0fd4e246
SHA512 22d4fabe50470470e4d342ddbb3f89b6bac7505e925e920f579324c5cd33619dc34aa1600175dca242f65ba284b81781085e0b117ef32e6b5a91e3d578fdea68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 7e0de202c165b827e8d3881c3e25efe9
SHA1 e7534dd25e2f189de5683c7c90e6a05fa366d5c0
SHA256 6c28dd1d686d1b91cdc48f4f93b454f8fce5c66fb8542a1b1745093e901a4668
SHA512 26ba52a6a66a778917aef472f4bea9edcc523425c33b97881368c886f2d39684e1fc935e45b85fe71f21d751221319483ee2743ca3109ebce5ccc9852bc52d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 21270dd70506e5ebda35f1e4de355090
SHA1 282dc6f21f3ad5a3d539acb850489ddf96ddf765
SHA256 096478e0849bc82544609a66a6729d9aeb598a88356a8473e4ef9e0a3b1a1ce2
SHA512 ea2340a1838713198c89b11e26636f1b8b2b70ef28bcc6500244402d79df50de4795f8e5dd2b3d826d925ef5e120e4f77b495455d031582df08a4fc70f5a669c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76bf78.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\43\{a5674f1c-d676-41ef-a3c0-5aecfa965d2b}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f2e7790866ec46bae7fa5d890600977b
SHA1 ad90d65b48cb64b1ed4ba8e3e3c4fd2166e49ce6
SHA256 fe3b89c4314f63f5d1e925f696c16a1d2f9b3bb06933e422d724130a621371e4
SHA512 1e2c330b6f7c1bd29ffd07152e5856e65107e2fff4d11d932cb051c57c14487ecd8a1650db49c64f95817817d7391359d62c53ff2de58533bb0dd96dc36f7fa9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\idb\2575875803yCt7-%iCt7-%rdees6peo.sqlite

MD5 eb8aedda5d5025f0e812d6ba2266c104
SHA1 3d6cf4d627370613b82161268347438d10fc2e74
SHA256 3f7cd4b728f20a0946d7118ff3c30e0ecf62bc0a29406b8e0d16090d6e705363
SHA512 49150514d6d57b53ce0e78f33003f8da374d7cbd2ee2df62c03d7103c3d24db179225f68c3acddbe94e3d96f0f17fef793c163da10108172e081190afba9671a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 04003a8b5bb317dc1c520628d4265e2b
SHA1 5fcaa0b0b1ba7488bddc122cb6b4fbc8966c5842
SHA256 6021446cde7cfe27b3efb7fdc1e3ab15e5a710d40751fccae03f545397dac438
SHA512 25092b91496ff90d36a13396dab0f06a93296b8c4b66ea635e32980b4fb2cf8e44327828849ba74b689f676e5f456f989153f514416019c71a72ed38fc215e30

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 16f612700cff3e66f6673f89e234dc12
SHA1 7bbe54a1834eecf2aecb4e36633c26e4b4790cf7
SHA256 18acac6ebfc4e19c5e46fcb5cba7f6a8e2c3df703e7095951a7d23c31ddcb360
SHA512 860966fbf5792239fc5f348a9eee4f9f63d2fc095cb51b657745f41ec4f12952c68b8736b64065345131d9bb7691f313cac750ea6e04bf7b8033d6fe2e41461e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 f1cb8704cb5333ad0ccc6574a3f4d6df
SHA1 3f3f538601a610f5b52bed07d2d54e6309aef49f
SHA256 f8628d6035221fbf49ad8e4c722d92dacd9cf87496ed62859e17b5d4405bda91
SHA512 921a9502d9a4b22613d5c26bd9e4fd30e36edbc38cc8d33902f8f2aab8a05c44aa174ac1746f1ee90a46381c67604ad8546b3d1afbce0814b6d4035c2f152d29

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 8b4c75109483a0309dae150d3506e3a9
SHA1 c3e8942bcb8e2438b5dccc284e831f451a9a40b6
SHA256 ca519f991d5dc6c6e81b5d50617a13f42c17a2e799c2833b03aa8cf78fcb8b16
SHA512 8a09d043cb9b6342da73a6086cc00a2c3af9fc76cd9d3fe239dedc495827c206eb15c2ece5d87132c570b4cf6990fbd285b8fb54dc1dae3838c2e7ff726ca5a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 08233d9fab8d56bdf24410a9f83525be
SHA1 352f0cefa82e1043c148aae0f027b7140e2ff334
SHA256 6fbd36ff044fd71f1dd5cd1921ba99fa82207b71418e05c4f35cc885af2af161
SHA512 da0047249b6cabfb2b881aca2d608eb562eb322592bd0d6e3839fae2352e8285d806f26c9aaa7146a78564a452eaf443ef6c35c6d9e80fe3660a6bfa20ab301f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8b2e58e21222438ca2706fbd0836120
SHA1 306262435aff2392ee59e01a431bb950d29bb28f
SHA256 eeeca954b0a3203bed95081c40a19c16eeabfc0f57c0ffbe7b74af50fe469bd6
SHA512 b9ac1ec316f7d5ad9ecec2b571f90867797ed85efc6f4d351475d74469c5791ba453707dbb4cab20e4c256987d8ada4c5fb5efa6c4d0cd3fcbcfcb22081fc6b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 aa2c2619101e286867048780ae2f03d3
SHA1 6dbcc5cfeda225c136bcff74df457fc09a8785b0
SHA256 f8caf0f4ac59f2b7768133ae329be5152bb273c208545c5a9b68c72170f88acc
SHA512 4bc7192a96f214b78499c0f4604d3d39f5ffeee0001d6f2d8ebb318acffbc4c6782095e2c1493bd8b51b30a3099d84662aa367cee1427d01f7be7f8f1986bdc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a22fb889-9d29-4e10-9b55-3051c28ed84c.tmp

MD5 ea456828ada60c934bfa1bead6f069f8
SHA1 96be73cb4a5fd6321bf89f09006160a2270be0c4
SHA256 11aaf6d8bccd5a55615df3f2b02c69bdcc1025016edf7e529131ba7986ee83ae
SHA512 c325ce992523a73f35ce96d807520366859554ff91b4a1c9db2f82ca11943865820061ef2eca527d41fe30a7dc29e5bc78dbba93ad654e2e73410165d49f9f7c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

MD5 dd07c9e28111ba582dd17e5a569e9a6c
SHA1 ded62c6ca325f1b04ec59015e36c76b9d6cd9c5b
SHA256 4616da3f76220a6503e3e3f0185aed94757831f136b20caaad1e44ddc3fde346
SHA512 380d1bc5ee62ebdb6004e999eab9b308284d79f79207db103458a78d85df1fd13f48ece8cbceae7107da0c40ce46c0bf9779bb1768b5651555ca89c108ffef54

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55d1433b01550e78ec9c5398b35932fb
SHA1 f4ad70b76fb878900a86fa50d728ffaf478979b7
SHA256 afc644924137bf26396d9f21dac446575264c357938446b49fd95e7dee8298ff
SHA512 b1dee2bcb624440cdece59bb4b2da87ed0e67204ab3864530c3e45e429573806108cdc47faee74b94324129e44d14f9519a327b4d42824f5ee0d4a2483ce99d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fe907a8328b3a6a3d44907d814523c8e
SHA1 47446016e07a0460046253a61f5ef861b34c0bb8
SHA256 dd7cc62e4791ca324e6fc71813bcee784b57810580e63ccd0481fee6ca249f93
SHA512 290a7fbe8bc1c0d3961cfb5c6977ea74db84ebfcebda6ec100226d3bc4368a9d6494679219ad13c815f0b1e2b2f46aee71b9627bdcee3e2b63c56d979452268a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51c032b87d30b62f9dfb23facd68d645
SHA1 3902d2b48affdbde04ef12168aefa049bdc57741
SHA256 425d2b29e54c4a8f829d205d1674d596adf78468154a378707b6005f171b62d9
SHA512 0ef118b8b8746c69540121b5163e7034c55cf4d583ec3400a26e34dbeed1bc40e4f8c18683a3d91741798bced8affddf51e5311dbf14c7bee7d88e549a0e3497

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93b95daf36404a6e64590292bd89e243
SHA1 24bc6ea4fd4c80aa8d57551eb08a6f975d0e0c28
SHA256 6148e68962b826e4a43a9bd070851eb8e340ff59e1126fa979aa3f3a041ab261
SHA512 504174266c7a41c5147d34357e1c54893712ed4e219c0bbe06050d37c2f38fdd43881d3a8e894f87bef8b604cc6c282c4a2e63bcea0038b4491c14f3b4dc0922

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bf8475897dca131974905292d5c640c
SHA1 fc8e00768255b68a9c0a39284bbc562cd76d31b0
SHA256 d25b328d212311f60a0691f59bcf4aecd99578b2d53607a8754c55a82694a340
SHA512 ac7c8a8dab8315cf6302bb4d2f5305135970ec299dc1c9807c24a320644e3cbde9a6465bd07e581c482042330bf04ed6506569a89c245809b54afb68f19c29fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02221976f01728722e6d2366afc1fd44
SHA1 7e77f49f37df9d37c22b462a233456d197403a85
SHA256 12691a24057e2236e6d83e5ec33ae780cf807b6301f4d2cfc6dd5c97b4267865
SHA512 d619a1dd953ee19ddcf88ca5ff16cd3a1556248b3d9b3e3618ae1a79d04823451e0012c71a2081d5a4299c00eec8c7e1f715fabffa9ed7e8e1e25a6b35bf4e75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cf7d8ab651c895840422b1df25b22a0
SHA1 8189904956532a8b53005651edab788f7c7d8fcc
SHA256 e95d2fc6a63fd6cfa9b6035c7ce2f4ca73469b5be65962a10e44eed5683f9573
SHA512 f27c56b2ba3dd4dd4cbd5361d229f763cf49f7c778c34b6a71f6286d524548fdd2c2b986679b86458013e7176d1647794e1bd4e22dac5785680266254d5f5dab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 030cf4e7780380bdb8ead544fd8be31d
SHA1 fe578b90f31e87a77cd8373bf3b57b568e4c1b60
SHA256 ad772a9d1bfded9ecd51b497c879f3bfa5f63e598b7413933a1ef4b9d16871b2
SHA512 e0a2a7963e93576773d3a435a41e2f6321916c21a2bd7332e3ab54da13adfadd011862bbbdfd3e8b05030be4c6db97c778861f9f11f1e3e07990ab7a102d8e15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0ae41c1892da00bcdc1097f80f7a76f
SHA1 fa193aee4f79b501c0cefa44de3c45e0684b8cd5
SHA256 1da589af35aa39a8e7a99dd261e9deb6c16c4a3b3bfa8ad6efba842b7650cdc2
SHA512 b5b6266480bbb3c96e9bb7d8bdb250c17441ca84793da5c95b395f3795ec3fa19e151d640dd69a01f8593335ac5a06c433985c73e5476fa17a3bae965c7559ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b80eaf70cb3d9be3d15f1baad3008dc
SHA1 9f60f779d42618161c4f11fcaf53a70d343647ef
SHA256 bcd8a75de3c973254f2e19d6a21add599b867fac2ea9bdcfdbb4d98ab23529fa
SHA512 84fc545b1ae75548d79a858a110285b98ae31b81529a0533181d214fe4d936ec1d2c671375a9ea6e94426e077c32c7966cd26159284bcb52158d11f480bab5e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6f770c921eaaa49fcaf486299f4c8d80
SHA1 999630a58e5b45b690d8403a605ca20e94f99e51
SHA256 7dedb5335719bbaca969fb4bf8f40536d09a9ff394d7ed3f4917dc79e01c5748
SHA512 3dbf293c88bfd922bb52122b738fd01c6e0c1856e106233bce1b464d9503bdc950b7c5185e06db768e38b08e0659c0b566a13bd2e34f11b3bb4a0ff8f5b237f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d760e2ed07b9c0475f1b82e670c1e8b
SHA1 3433536a17a0fdc482e607306443aee43989a375
SHA256 fec232c6853ec265257a59660f1a742b18243a4c774352b1f9da858854f433cb
SHA512 4010032a3d2d64c2e264a6791f921f0fccc3f4fd5489457d60254f37135031107f4c3553dc14f194e3c4f5350331bf2ac8eeb7eb944c6ec5b9234b67ccbbc0d3

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d4fc78f150df91744cb799629114dd56
SHA1 e9a67a68fad856a61c838ac5a00884a7a32e0d6c
SHA256 ab40a61ed31b6aff9af5454e7379ffda89de61f834dc5e0b9800400a727499c0
SHA512 59e46872a0e5ce264e16b8d9085f9250ea50c01d3c99ada204f83a81f134db857c5ccf14e92e4e55633e8602371989878b3a00c2fa5e317ef85b10007c0f1cde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cfcc23dec69cfdc8eb2f2d0f15410283
SHA1 dc26a0250c346cf1aa74e2e2796d1146b9c21a24
SHA256 d8fc3d4ce8a588d390969c88c7c791fb43e9c970f4ced066eef5ef35194c0dea
SHA512 81673a09d7c50452b50620cbfe6d246ac1b99b4eb2633fde1ef0a6ac1dff2fd77f192bca81b52cd9ba1d0acdd7dd80c8f35f736ba46b2030fcd575f9522cfcfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 91a32a09e5bbd29ac4fc9cb6a3c46747
SHA1 cdf06812fa1ef1e5c100e00c52328e474e32918f
SHA256 05a1321ade3e8037899cbea1d1cedb4866be658fe1e30b4744980e8505c0d5b3
SHA512 3a15b558b0c8fd82f3720b3ca0417337fa83717f05a72bde462b8557455c0cde124af2180c94780e90aa4e6177aab5943234cb4576c8dd3612201553752c4356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fa69d86891d52a277e9cef9276af8de6
SHA1 0355728991950347e948a5d541fd9bd2075e4285
SHA256 170da1de0ff16fe60c8667047f7750f6af4424920ae562c5a0d1e5a09ce20c81
SHA512 4832a4e341fc8aa9287df82a38b9f7d9b6fb6e6a382b6b6fa381a03144d10664db458ac9043a583a9f03b66bceb1046f717e3015f7beab45bc47e1bba1d07017

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 41293fa3954497fa2f6316bc9c29c9ad
SHA1 308791de6ac3fb8bd589d53c9e4c2d5552078d91
SHA256 9d4b274137eddca7f0bd0a0875b14602f62621eef7d0b64df6ec04ecb9b4fab4
SHA512 188536d3dd979cecb89103ed484b5d950ddceacff58ff375c6a2271a6638362eb152a07bcd3d447c3e7addf679fd1da43d64281efd95484a9a6e0edaf56379c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eeb40d6eda47dc55791586b189c645c6
SHA1 0a9550e2edc062fc72b7b91c44c25a0a018d47f2
SHA256 f42b0cb49447e54d86bf312984879eefac043ff8c37d0345fc0ae4bcdda51c7e
SHA512 87a6b1c4e66bdc8f7f053492b04063331e333c8538d074f8ce8015c8df3fecc020c652d77cee1daa47250f9376f740531ab3403626e7e975f16670fd36e7f173

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 91f2cf1c50c4bdd1dd2f70c447c1c4f1
SHA1 3f16971e7a1a4d5a4083c6f28c370e5b7fb4a417
SHA256 bec18a3cc35dfbac92e9645dcc9a440f838924db8adb514f81cc08025fa4da2c
SHA512 69c0cb0204adf8de43932b4ac339e61ffeaecbcd2cdb112890009c3f02876ef0892206a10ef18561ea9decf40421c0eec0c699c996ef70ad3a34f6f046122309

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7acd7d3971e377f81dcc4e6a8831f5c4
SHA1 3d1041b7dce7551752a5b61710552685889508d7
SHA256 ecbd68a76f9263b3828cc680c0becede4a3b10a9060f0bcc8fb741344695710b
SHA512 d9c330244212cdd3ae6e5762e8c9e68998ed4c0f29a6eacf65d7a3f65df105bbc89ba9a8d3c46f8c19d346798552d58f246f1c492d06d26d5f97bb0fd61491b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2034aae4a3d716ad3c617615b030703f
SHA1 e4e6de54059aa4ca44b835d4667f92a680773e0b
SHA256 8cf6d2812aaca18dbcb6536fcbe02e0f5cd75f5075bee7a58d706df66cecc1a5
SHA512 1f8cb114ffe6b7e0edb8194e846444af19235f2f5da707c5d870126f99725208edfc42afc1cce5c23ad804cdae63b353a7d40e42441297fa35afdd42a2a656c8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 51ff74dfd72d37f10fc434f78781c425
SHA1 a03cb0177d364b22c7bd60bf619ab44d0adf6e24
SHA256 40a5c7053e0731e07605febf3f0ae895576feb3c896769da08045b39ba8e7bc8
SHA512 e6ab5c62d2f91b1ea5ab2e93a55243c7dc62c4cfab42271cc1846ca9284f9106797f7f0f52ad92b9b70c24312b8c795343a426f37912f689ddd69e23a0cc6572

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c60324dd6ba9826f9176fc111f239b09
SHA1 23002e19be16186a9d1269d137230aafaf76da34
SHA256 99f3e859b1aeae9f9b17bfe92f1937cdc4756163b3e5dbe4757037a7470540b2
SHA512 296501bdb0b7f5316fc1cfceb7c7ffa42cfa5f02bd17c918a86f405ac4c65f71eca66074924ea24961f06a0a0266f9d66b60579ad63802b26698ed96a85dbd34

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-15 04:47

Reported

2024-02-15 04:52

Platform

win10-20240214-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = a0ccfa36bb83da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e1b1cc28ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9b1dbb29ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 910ac429ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4264 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 4612 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4448 wrote to memory of 696 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4856 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2072 wrote to memory of 2900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2072 wrote to memory of 2900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4728 wrote to memory of 4692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4728 wrote to memory of 4692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 1788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 1788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4856 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4856 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4856 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4856 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe

"C:\Users\Admin\AppData\Local\Temp\197bce4c05ed951d60ea24acfe8c6546c84b4f50991dc215b96eb0031916affb.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbb2359758,0x7ffbb2359768,0x7ffbb2359778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffbb2359758,0x7ffbb2359768,0x7ffbb2359778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbb2359758,0x7ffbb2359768,0x7ffbb2359778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.0.172503386\122397486" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba6d9cc7-8f1d-4077-9083-2010074f91ae} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 1788 27a9afd5b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.1.379551630\1671002696" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba1a028-30bc-434d-a4aa-f2f2b2485687} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 2200 27a9aee5258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.2.1342292809\2068560809" -childID 1 -isForBrowser -prefsHandle 2708 -prefMapHandle 2836 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70da2756-940f-4aa9-b29b-8dfc785d39ff} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 2812 27a9f1d5158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.3.488864372\103995596" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14713be5-fc70-44de-bb78-8c0001de8710} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 3672 27a9d4f2558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4016 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,2226719597783992736,5363638438148165752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1852,i,2226719597783992736,5363638438148165752,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1840,i,13796096300914385006,4277857151610136689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4828 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1840,i,13796096300914385006,4277857151610136689,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3860 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.5.629767013\1001662406" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f27c70-531b-4ec3-ac87-f23ef7c90f7d} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 4756 27aa1310258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.4.1736666414\554487690" -childID 3 -isForBrowser -prefsHandle 4580 -prefMapHandle 4560 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {820d98e2-c1c0-45a2-8413-ce5d6c01fbfb} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 4576 27a8ff2ea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.8.377689513\379199834" -childID 7 -isForBrowser -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10328ca5-66c1-4cc9-94b7-fad90d20f85e} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 5644 27aa17af958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.7.1444706516\1612010838" -childID 6 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b14213a2-a65c-4ac3-8938-67004e344eab} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 5412 27aa17af658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.6.428542502\125274905" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5204 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45cad2b6-519e-4645-a7dc-c8dac635e9d0} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 5304 27a9c8e3458 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.9.221538276\1530601268" -parentBuildID 20221007134813 -prefsHandle 2584 -prefMapHandle 5988 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {260924f3-74db-40a3-86af-acb1e7be0581} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 2600 27aa0565258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.10.784990565\1999209005" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6008 -prefMapHandle 3000 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e68b2d91-f8ee-4463-955d-45fd4974ad23} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 2960 27aa0566758 utility

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3808.11.1747791393\231084091" -childID 8 -isForBrowser -prefsHandle 4156 -prefMapHandle 6368 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6374347-0512-4364-aa7a-86ea728bb96e} 3808 "\\.\pipe\gecko-crash-server-pipe.3808" 6364 27aa1e7eb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1968,i,901069854349897698,2689841302649832860,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 www.facebook.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 163.70.147.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 rr3---sn-aigl6nl7.googlevideo.com udp
GB 173.194.183.200:443 rr3---sn-aigl6nl7.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nl7.googlevideo.com udp
GB 173.194.183.200:443 rr3.sn-aigl6nl7.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nl7.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-aigl6nl7.googlevideo.com udp
GB 173.194.183.200:443 rr3---sn-aigl6nl7.googlevideo.com tcp
GB 173.194.183.200:443 rr3---sn-aigl6nl7.googlevideo.com tcp
GB 173.194.183.200:443 rr3---sn-aigl6nl7.googlevideo.com tcp
GB 173.194.183.200:443 rr3---sn-aigl6nl7.googlevideo.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 200.183.194.173.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:51105 tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
N/A 127.0.0.1:51122 tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 142.250.187.238:443 youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp

Files

memory/4636-0-0x00000202F0920000-0x00000202F0930000-memory.dmp

memory/4636-16-0x00000202F0F00000-0x00000202F0F10000-memory.dmp

memory/4636-35-0x00000202F1000000-0x00000202F1002000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3060bddb6bbe1cbdc965434a050fdaef
SHA1 1e2c223ca7bfdf8cceb71c385b7f1276dd97a331
SHA256 41c33e4fad7da297ab4bbbb36816b4079176cba05ece2b1b1fb2a464ab384d10
SHA512 ce8aaf72db5ad6becad6844122527814e586fdb76a8fca9452a7a92a6ad05cc235a75f870f151cdf34245d78bd5dd8abd8ba7b7104b6436db9a70cf576cd3ef5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 486aebeeb76a792eeaf8ab052521a435
SHA1 ac8b734bc9a5afb32cbfec95387bfa655913a323
SHA256 70074beff23c35473462d486e1162bce89af86dae5123b6aab7bfbb6d9bf8e61
SHA512 5da5c0f18cd8b3e6233adcce9d97b25f5842ba8ed503c3b28b98d6c417ffd6f59f3375309ae2ac2fff2670c9cb547b5e465f0063ccd66ebbe61e17347ceee2cd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d7ecfc1f9dc30259f6e8fdc0709fa212
SHA1 26f31db581bf16a972f97811de246a27a6b7f72b
SHA256 4760b4fe77bd1084c908469d32b0fc3f4b15d4318b9104e3e7598d65d01a1425
SHA512 c16c0075cb874eae0e896d12abbf9f335bdf7d8c8b8104fdba8ed25927072ada214bec026598c65b896a6ba4b083c244aa270ab828fa4940a3dda860917ad317

memory/4264-117-0x000001BB7BEB0000-0x000001BB7BED0000-memory.dmp

memory/4264-119-0x000001BB7C330000-0x000001BB7C430000-memory.dmp

memory/2284-161-0x000002B1F7DE0000-0x000002B1F7E00000-memory.dmp

memory/2284-172-0x000002B1F6DB0000-0x000002B1F6DD0000-memory.dmp

memory/4264-195-0x000001BC7CFF0000-0x000001BC7CFF2000-memory.dmp

memory/4264-197-0x000001BC7D010000-0x000001BC7D012000-memory.dmp

memory/4264-203-0x000001BC7D190000-0x000001BC7D192000-memory.dmp

memory/4264-208-0x000001BC7D1A0000-0x000001BC7D1A2000-memory.dmp

memory/4264-213-0x000001BC7D1C0000-0x000001BC7D1C2000-memory.dmp

memory/4612-216-0x000001FC98850000-0x000001FC98852000-memory.dmp

memory/4264-220-0x000001BB7BFA0000-0x000001BB7BFA2000-memory.dmp

memory/4612-224-0x000001FC98870000-0x000001FC98872000-memory.dmp

memory/4612-226-0x000001FC98930000-0x000001FC98932000-memory.dmp

memory/4636-241-0x00000202F7580000-0x00000202F7581000-memory.dmp

memory/4636-242-0x00000202F7590000-0x00000202F7591000-memory.dmp

memory/4612-247-0x000001FC986C0000-0x000001FC986E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3GU0IU8A\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e5637de186dd98ae6ba604c22556fca4
SHA1 7ea50a71650705b0d9211490a934668532c7d6cf
SHA256 fce06b9f46e7cd1ad577326dedbbcdc42d6163ef4d7e1127b9843221f5180e12
SHA512 c555e87169e6238107197e3bf109c77ab4089eb527215500e6b02d4530e3fb87573ab37d9a44bd7a79ff03dbf225fb6ee738171ab9f075611be4339e7ad4bcb0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cc0a33751c501a3dd5b87b8bc88a26a4
SHA1 555c512baf0ea6ba5ef723ec56c9f5f808558050
SHA256 7cd6ad38c993ab2c12ca9e011db77c73c96136a87e9e6199a3c925e6db83e58c
SHA512 0dbed4eebb2d0ab99cbdb36c96d694b52888bebcf35f07016fc85d66c5141d96c1eb4109708c5f2075bdacdf922cf2e3dcd75eb0fe51970468e106fdee5d5e11

memory/4612-292-0x000001FC989F0000-0x000001FC989F2000-memory.dmp

memory/4612-296-0x000001FC98EF0000-0x000001FC98EF2000-memory.dmp

memory/4612-298-0x000001FC99350000-0x000001FC99352000-memory.dmp

memory/4612-307-0x000001FC99370000-0x000001FC99372000-memory.dmp

memory/4612-422-0x000001FC9DAE0000-0x000001FC9DB00000-memory.dmp

memory/4612-424-0x000001FC9DB00000-0x000001FC9DB20000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 55318a43167533a5cdcf4fd70f4c6084
SHA1 a80db758ff0eb8d1a88d77eab7b593d7bf6454e0
SHA256 ce40b77513061d591f2a0f58fdddb6986494b82707eb68a806e6ccdc24d38966
SHA512 41336ea2789bdf89ff359dd34ebb8f9cf9a92d3d28fa2d158d89e19d104605bb929715fc93ccbffe7e801d15edddf00e573ec34c67db3c60444d9d6371a02176

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 779f0be8d39ddf30cac8674416c6b8de
SHA1 c969a557f1c8e4f7e2be87a220c0825999ec0762
SHA256 d4ff2a9f1db4637657a57846ae34890562bbcce884602efdb8dadcead789650e
SHA512 c8cad9d8bfa59e48b662a17e86b6de135d47e9d670e106431644ad02666b2ba3681ea23bb720443ae7d6e5ddda887a63ae61d7a8ba12e14ad399d9dac4d6b883

memory/4612-553-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-555-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-557-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-563-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-561-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-565-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

memory/4612-567-0x000001FC876B0000-0x000001FC876C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PASPCLHI\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 2687779929a740a1c2eea4fe9c5f92a7
SHA1 87d99bacaa9d88ce83a7e8ad5d63fa837f014b0a
SHA256 c0d4e851c70eb7cec9a59ab4bac04795c1c93ee594b764c6e81da69e6f31636d
SHA512 9f1eda9801a95899a18b25b44f160948710d91a2cb10a6f7e5bae0d8d12848db069ec148325d011d3354424ba60e3955f044d55e861f955bf5a6b534b4b0e23e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 97e99c7071e78aa9829531a1d0badcb9
SHA1 9aa14b6caed28d191b9d2baf88e96ba6e9d05c10
SHA256 8a9ac467b18bf6c04534cb9b9c1b41ca6cbc636d720389dee60b3fe1285713e2
SHA512 07cc684acc98d3b6d0c7c4150f138742e83605a183419647222e4224a1319ff324c9d9141a1211fd77c7406c353634809c66613617e2d893b9112f603131c84b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\mpe22zx\imagestore.dat

MD5 0e79671943e0be20160fbe2c1de7d74a
SHA1 7738aa28903ea272210d339aafd9337ad66686b7
SHA256 f98c968e61a1f5219e1a8fda0b823123dc9b0afdd34143205dd696d52e88ae4c
SHA512 a5bc77c5457883d9da471730bc620bf69c1ce5f02af4486867d3c31b253351ff2c99ac1411618f3cb33bfcee8124de728fa2a6d7864dacf209f221305a10f144

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\J78RU0C5\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H3ZHSFAK\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ec7e8af369a128b0420805425f5cd9
SHA1 9f179adb5bbf97bd5b8a0744a6b84c3aa135bea0
SHA256 b5a5b8d1cb32f22fe90d7b73fafaf237f34933491ef43e7091257ee585a1fda3
SHA512 f1c86c171524d210450d3de8aad45cc335b6fd1077cd4b73ed8429cd5f04a20350dc83842717e1b3560811df5516968e0d849160e16e04f9137e01ec85036bc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YDVOAIYW\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z3Y15JYD\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

\??\pipe\crashpad_556_QUWSXAYEUONPXFQB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z3Y15JYD\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 42ecdf484b0056f3266fc6a296ecc933
SHA1 b3379daf0f1a8e1dd45ff61139ffc1e970013dfc
SHA256 8891347125a0507351e05f7f6835136f17d2564f7ce6ab618681b5bb2611edb8
SHA512 baed21029b7673a17ab692484f94c2eed321098802487336cbd3533e1437b6bfb960f9325b031bacc7ba16b930bf7295314ee180087d62392fd6fbab16e149bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7da3eb4c33ce6bc48af66e1f0ab3b98d
SHA1 c6ed2186a7bae946b1ccf5223761eb8f9cdbb370
SHA256 6846da8ff9f742f1dcf3d01f81f1c5043b74ed6b8127d6d7cf85d1ae5684e575
SHA512 b173b6759df622ee7a20f8fa1f36d47f3f3b74cb27ffaa878f10ee0c9d97804951447e5a266a052969d50f0a293ade5574655db9fc2b4b6db804cf6ceb1b7243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K94W0RFF\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

MD5 da332bf5dab28e492494b8eac7201785
SHA1 6b0f6a4f5013015538a815416ac8298c34198449
SHA256 1c1ea36a32cf59d93693c27328f123f13377daf236a131690eb997f3bee55ac0
SHA512 6feb073a8570d394c3de415f5ce0b1a545ba9d5cbff212ceb406da1c066571a006e7a682287d343f278abec2eefbb02f236d5053a495f2fcf33ac54fdce21525

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\43b7d8a9-efd9-4d6d-a914-c7980a82d875

MD5 c974a25c9a3858a5f134c571edea7a12
SHA1 5bb1612f70e69f23637382726a0eaa76339e8186
SHA256 f1c4e583b388970d7f1606e482680c1e30728059e859e63091481119f03de408
SHA512 c52bb2e9d14a7d8166aab3fbb40ed088d8691b772a3f05adf182809c8f20bc75a6e7b5dc54429386545068baf8e1e8c97a44b07b899f199c320651e38989cc07

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\06d09e2b-1276-4601-8e53-b80b114c844a

MD5 cb77767a8f9c502989c91f21dbece710
SHA1 b2894a937d411de3cbba67224a7c6a044b9d72c8
SHA256 063ccdafa1110e84b0eb5b8b89cb8f0fa462745ae09ebb153d80fd00bbe7454c
SHA512 79ba9e50db662258260d2f9000768c2b7b75c3d7222045ca479d3f1c6fd3775c0b7735930edb83f7ef7c616d50113f9bd6b8e2f18fa543a8b2c564b99c195a9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YDVOAIYW\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\db\data.safe.bin

MD5 a0d3b8625969da50d5da2373d13e6584
SHA1 8352631f8c3146a9828436ac72c23ecbdfc21044
SHA256 da5f9af56bc4d40181eb892ed3cad894fba504c01e90581d11b8103ddc1d3630
SHA512 b9130e495ec5f440d689288f551f3161438344a4434010ec00f4917502243ff8acdb718752be70ccc8d201d340a0ba88c078340fc43fe67a54502d5c8ea7d2d7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5UE1W85\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

MD5 124cf6c3cccb543bd21c8ebcf88ef569
SHA1 bda11296e7e7ce9ecb4b07e57efa4b42c5cffab8
SHA256 40eb8fa321896f69a94f3622d8da7db75220f71a81a01e3e2c4eb00c7ab2e3ad
SHA512 f7121bc0318a3118da954d0e705ad012de451b912f51377134534a15fb7b649cc5969fb583ea58c457b04d3abddf80ee59ae3c5ed1cde553b84cf2a4b2e22f1b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5UE1W85\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YDVOAIYW\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YDVOAIYW\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K94W0RFF\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K94W0RFF\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K94W0RFF\rs=AGKMywFTtniNACXuAWHb4uuD8tqS7DsB1A[1].css

MD5 9b88ab640436808a329e30cf8e15829e
SHA1 e109c83350ebaae2378861a495c6adb22e3962e1
SHA256 f96c381bed75afb94c2f9c026291b0276f799da91563b69ad15159bba002188b
SHA512 727391e26d231cc1b6e8f3b13af6fbe349b83a89b4397a535d6d768bc74caaab236370359099ef24ffb269cb6f5efcbdb0479f279aece12b9795aa96c8e9ca77

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z3Y15JYD\desktop_polymer[1].js

MD5 ab1d3ded18d94f239ca05039323888b0
SHA1 310659dfd8cd93998e8d1211c9afad95e56b7103
SHA256 fce6f38cfccf36cf308868fafec5313fe61b43f700afcdaa57eb778c1703e4e6
SHA512 85ebb8e8685f1e795e703577bbdf4b61066dc5281fd81384de421e7ee0a5a4329e8da0c9000f61aa188e11fdd92cf962068123d2f0befbb6c82cabfdb0c19f97

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R5UE1W85\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 fe1a88fbbe5ab9a099e108ab16f0ad5b
SHA1 5146fbb8f53185079036482b360a38a882cab323
SHA256 6fbe354315a859b104a49ece794f29b51b630c29fa16acfa82c217afb04f22dd
SHA512 9762995332513a7e436184b2dc64a23c2baaa9da92ca24bfa74e6f902443c18c39d2d6f399cc1c7595b98743a69e2e783f544f7576ec3c8bd5e3f5278834ba18

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 83d6ff177a66fa0ef701cee0d2707c1c
SHA1 31d7efc42be23113e369efa08fdb4774771f4742
SHA256 7a10754bf99c446163f6ff07211d9cbb61a02fbc4b06357b8ac960736a44c926
SHA512 bf3c7d1e17c2e5d41b0f7160f96b47a9cc2060499dd9f424dae1988e45fe8663eb7fa51ee073dd3c7393e16cdfb5a216f56e44ab6bc575af9af9178b5b9b435d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7a93655ec276355fcca9c657e1598dc3
SHA1 8f0588d266722db7f988711976cb13318b061572
SHA256 27f14920b2f8bcb90015959e30bd728928ecb9667e099cd622e46e2861cddf05
SHA512 20ce3f27a4f5bd985f8d3fe3af6b874de62b773a72ef35055f6f4dfe3a257cb4fbe72af73b8d5a881f64485528ee5cf0fa456c65f5e536737c238b8ebb316cd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b0afb129bacf0a1784b5d3830596bad
SHA1 078d5d627d41e376949930700dfa0d66df8fca5e
SHA256 b1be451d6d38cf9575d81564a63d80d14c4dc162f8a68af4624dd9b57d8ac838
SHA512 cc2a650ed1b504252a64311160b18eb78405a0a56cc4ef23818be39f2e2fd6163f028954869c53da6d6f302b3d915400a5833ef6eea71a8cbbce75e1ef371020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 407dab4d174b2f8e3176d44004112faf
SHA1 de8621284e15cb2366e0843d842d388ff12c9e10
SHA256 c461b8c72c60410ef81107c881af7530cf50747ffc98cea983823e197a5db067
SHA512 a0a9a1cc5a0aec0a4ce9d5519c5eb6321e5cc9e55c194ffade5be6d08852a2f4ac8e43fa7a7c23663bbb33c754cc951f4bf76e48a3d231e72dcdcb7eaa254a0f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

MD5 8b9f4ffe494f05f868e910bccc22ac04
SHA1 7c9019aa05af1db5051a1e9647a04b26acbbde43
SHA256 7bb54bfb0b7e99f9a3cff5135683d0d07ed25e6d0fd3d77be62ea6953fd3f972
SHA512 08175b77c02ec019c82be0aabdcdf3dcabf993fce29d54ae6f58719b569f5cc18774daad932cdc52ee704029c1028b7084c5a02b952cea70f6f21f4a6d2a1b74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b8a1fbcff153004221444d522a71404
SHA1 0a4e0acdc0833479919ec1b960e477655cdb2098
SHA256 521702c6c3de695e7b0b542ddd916dc3d54b3f7e92d1dc832c2ddace1772acb6
SHA512 d038ca824d927acdda6c4444a4f7829c882cfb1c10cc365c31e0b4021982304a288efe8aad34c7cb1d489ea33303c14e6bdc69711d38ee89a047ca3ef30391e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b5e35fc59579341785b57dbd2c3e074b
SHA1 f81a74022c6ecb19147e670e8886357cddc7f28f
SHA256 393e33568c0925dbba6a93d1aa2247bcbd8febba227e6ed0212dd816f30ebd7f
SHA512 2f497c053f0a37be9259f03b7912cb072b7edd8736506e818cf14c8ee905bdf10b5d163408f9e67d9b20058459ca118cb7a857731f452e9808bb91f59b00101f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1TLUKOBH\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\243\{7b73f90d-8876-407f-bf4c-29a0576bd6f3}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\idb\1788940124yCt7-%iCt7-%r6e3s3pfo.sqlite

MD5 bb92a6b16d469a9f1f46ffd83e4ea369
SHA1 3c9e9be2da38cbf38c5c3a7127681d5e7b1e9fa7
SHA256 7462c287d29f29451987d603203e8b66b0c0e7de7582281d1822fc26e1df40df
SHA512 005fd34e891576d2eb697aa1397b160672b9253d55e9b4c7e06f65cfee47bf496795fed29e5035a2715f2eaa8b255b1672cb408a8c22b7100f5db3b4757f98af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c00cff46ffae020677390619a702c14e
SHA1 0fe9dc805ade2079c1d5fd80a8cd0f828af639cf
SHA256 4895bca1423f3eacda6588acd19347913b671581df745b82b607e9e2ff64968b
SHA512 c5243bc86451661db0cada7a19455b7f7062d432f0c605fbc131c1ec6d68e623c86758fb54fc3e179023763f75f1d1cd103c94909944e94341dd49ee8de0f4b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7adc4317eff3679b6e74531f612aba16
SHA1 d07d70af9f0982533e6e470406e983d728de4f92
SHA256 34c7e1a2d4b114603614f7f41208151a039c4cf55a8fbffa9f9b7a028596ad95
SHA512 31759d0e677d0980df92bcecb8c939466367de4ade6266ff21027bcbfb8b95ecd52bd95d0cadefa62b777f707bb2e6b93d7126e94d92af85f0fc6bb26cbc9f97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

MD5 f243dc8d385616cb20f1de901e360907
SHA1 d7fb0399f474a97df09c26f9cd8bb9d8a65c8c04
SHA256 9b718e3d63e63523d39d55ab655f9a7613d8449e8dc0b5d7229106116208a3e0
SHA512 12ae9a8e26c531154062065db28e952132985113b47dd35db0f405e21392968b6186fcadc56e55fbc89b27bde7bad0f4a0ededbceecad88ca8857072e8abff10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 43012369bbbd5febf783818d646ddc61
SHA1 c9f97904f39e7437eaafb42fdf27867c85063c8a
SHA256 4c2da6113fb59d03b86cf4af2e4261a12c3389d82d1b735805beb83b20622325
SHA512 340628eeb457428b3361ed3bc9802237c7a86ea2695f215d20927bb1352431e2fd8a7c6648a6e5c04dad9c506dbd3d05762fc09d74291a746a1033e07410afec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b36d.TMP

MD5 cbe1dce80701e979ed39bd7f6fa4528b
SHA1 f80d46d9664bfdcf71176503db43a8f08dc7c597
SHA256 75ba0296206100df2e4c2bcd29d950fee514089e608db6ef060f8f5ed2873c76
SHA512 41d12c5504d79ba24f58f259b466a066a43aae528347af628ef29ede0c91edd3cb9d27bcdc82f2ad20b5a17ee7bc32ecda4727e391586d57d9c2989f369ece08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a1c9e4a729139de31a67536ed0ca10b4
SHA1 c0d96e3be05d2831b47c430abe85a6acd79c740c
SHA256 84ca0f75f8640d94a5fd1300d00e894a2c00284de43c26997aa44803fca0f529
SHA512 c647e44067284869d6008dda933d8409968d1d834752606b5954081983da4a5c77d0b71d2f3b092f8bce08982097c29129be142be020c74690581581650985d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e929ba65a606ebf93979dab485c7a09d
SHA1 a883ffff3f7b98dbf28cf1b1dbd5525e057f0592
SHA256 1a03755569388d912c9fb801f593af960a2cc19820fbd85b9c630ecad2a21b51
SHA512 c63806335714f110c9c57f80c9d73bf4167f606c57acd10104452f873c43f56e44a44542c954757085baff72ff463c42245efc05ad6419aa11c84a9adc505c23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 7e6f87aa8c6979042209f2d32bfb0b2b
SHA1 5ee3ca8af4484e3828b51bd8d7030a6657fb4670
SHA256 f1ac9b0c4195a62917fb7900d3731284dc612a8ff07c357f14bd568a25ec03c5
SHA512 693ec8426dc2314ddfec8513f14c8c7385a8e40cc0e138e0ebeea3b3d87c27f13886efccce4dd02cfce5984430285919d394f9671db26974a49079e93cef8606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 77935887f42de53541b51f6a55c61e77
SHA1 4e82818b3c6bfae6851d4416d4687a692a1a60ad
SHA256 299b14ec7957cd12ac48afa2f28c5a757f26e1effffcd136d45bfd80b7e1d1c6
SHA512 57f4b1cd82dec0a64954522b3209252aedd0aee09d939e990ca19a72809632ea4095083a2fa503dc329011e70da1dfc8e4a62db068589277b89be0dfb629e3f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 df45f3cb6b023d5b06918edb2e5e11cb
SHA1 cfbdb1bfc096a82a5c86b82934537c50340c39c7
SHA256 2b84cba59de83da2e21fd6ed7e70b0d5ee930cff077dd273bc6c619b69a21348
SHA512 50a6f6f5aa5389291954198c2643bf4203383b8acbc506ce8815d85b8976e0f18a3013a5bfe7202d0ba14c8702248d40e48454714c39c52f9f3afa99d5e5917c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 3eeb71cf03bddcb51e5cd275aee972af
SHA1 81cca089ab26661e10884c0167d98d484ad12e96
SHA256 84162401f18977ebb2e7e755be4766d7dcd79c6360549ea2540c7e7dc1b66b4d
SHA512 e7c6ea479ec55c673bd042a1a738b164c4ab80daa9e23c21b3d74ab24d2ed7dbce089d3b31107a16116a571bedb1712e0fb1ef6460024772fa89291d0a6b5f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 6b5d374a4ce1d663d279ccf754bb6f7c
SHA1 af707c4e733d124252436c04d31d2595e5c91fad
SHA256 2e098e5e7af64c4d684d15f8ec636a9aab784f9e63756f0c5076c48b4c7e2205
SHA512 0c06e635ba61b7ad74f8185f94f9fc6ebf0e3d2b8e0138d2ddd2a6bdffa5afbaf4aae7a34aa2fc4807bc520a1837bb2bbef6471d07c40028844e9703e2c40eea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 44eb57237afa886ffd6cf7384d19428a
SHA1 4447e5028b9ad11aaf2bb47dcc0b5bc9c3fd1110
SHA256 75ad02b35265c6ae64aefaa0f9629e9651d37943ce0063612dc998e908e77d95
SHA512 ee5859216e271f1b7f6ca9003da552f125c2f0bb941d8072b15e22271bdcd9c34ed0ebfc77a482fbb1925c264d0bad052759c029cb82e79656c32d5789fa6834

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\24\{11441d17-2693-4367-9ad2-818238622d18}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{7fd81823-6a0a-4260-9333-db80582ee4d2}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{3f3adc04-1248-4d9e-a81b-56e166609791}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 c2f230abe01ee62ceff1f17f38651aa3
SHA1 4bce717d05a10997ea238ca6d804061b018e73c0
SHA256 77d19c266ca24db3890703ed1c41e84778b8a01cf93d28a6da27c9f4c2715266
SHA512 4895f11821e3f4914296140e4313ef09b58ffa0ff5792f67f0817f2a5f4727a62390718c354847d213911f84a79025275135df8f59b2e9ad5313be9c5d16c011

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 03ceb96bbca41e49874d5adddbd8f9fc
SHA1 d7692bd2efd14ad693393354b628b62046802861
SHA256 59d0fbf655789e309468e04e0ca53a2365cd434c0d6e8e558a1cf8cb911ad39e
SHA512 4f556ee9716181a2ceca3b88afdb9365f1181cd1bfcc46e066b1d3d38f7de20634b26acd00d0ea42dc6d5775b6fb7820cf306d24b72da5e31d38edae663a31e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 c9c586697c4ba65c71e5973c9b78f3da
SHA1 8ea4448510d127e8e4d48f6c58d9ca597d7c7c47
SHA256 22b23a827dd53ef6956e4cfc0d9243ece631ebfb442fff5751d2e2ebc72bf87f
SHA512 fc1518286ba720d692243f164737233d4b4f23aa3332fc3a6ddbae4c8d3489d19973f24c99609e77ddd1092ef6bd3910bfb2a6bcbd1ff6d37a186bf2703be4b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 dcc76dc5d9d01699cdb4d796f04041ec
SHA1 3444f18d0a93e9b74cbf981e7ed1dc9456a1b0c3
SHA256 ca25960923b452ac866c65be5b0dfba2e0ba62f1662818aa3dc7183479a1e8b4
SHA512 346407db58abccdb989934965cf057a538fd1b893c220780315bf73b3f5194c78cd93bb60d7dcdf3e7f72d77423d0420f305f530e1d7b9f3d72d665418853b92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

MD5 ca897073931c5385b6f3d0c2d7593bdf
SHA1 187aec8e27ba00a50206f419376b76a72de6ddf8
SHA256 833d51a1b25c5779758fc24db22d88ffaa85ee9b6b2f33162fd09bca50e485ee
SHA512 c5109fe58c549f002bf3fcafb4d65c93827ebccc60e78df3da66f302a074f0aa3aef712c12b5b731c09f3766a123d636b3ba2bef522836260f9d464ef9604deb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\V5OLN1Y4\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 39162c43b324724a30bf34b9a567398a
SHA1 e8799fccaa84ef4eb6730567234aec5016cff9f7
SHA256 6e1d4b9fc85e4d1ec61fb975d84d4e4cd964d719c3db33bb68edbe4006243f8f
SHA512 be676d9361c31446bb1123151030ff6cf119dfb977a478b53059d7547785e8e789a86b6040ed293c6fee8415f32070bf555337daea57c6c9c695d8cf77491524

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 7d1446daed4b6b057dbddde7949524e2
SHA1 a161b37402f32341328ff3521f328a843f215ace
SHA256 58e22e67832895b3dafebf81ffcfae99485f1946c2ffd66f80fe8aa8c41f89a9
SHA512 b50e6a94a85112a9dff82de766698729361e11330d4e9879011c77192b655d2f306d2ac88c2f455c6100fb3caef436e78c243ef1320a99be7ed0b63b22e8b056

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c25c715f4ae50da7a208c34028debea1
SHA1 efcb71598ecb72bf418cea7a7c58b9ce55a7d2ef
SHA256 85aad5a29c60147d95f62bd3f13fa9e67ba9867b854831e8968daa1db585e6ca
SHA512 b565814936158006952b11276e52d45fe6ea614c7801ba08ab6d90c6f2eef4cba4835d0a3dad91889fe2d10a8447e04f9c94f9528afe10e6702cc93b19f79da8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2485fc4ea1c80b4cb2ba627d7866b759
SHA1 35e500b493c257f4285047847026845e9a2006ca
SHA256 44ccc29a215ef38f0fce90a713d306ef741382e4fb1a00c305dee89bcc27066e
SHA512 67138bc112fc0923bf7988fd87b87a22699ff307c2a7b325e03e80b1c785826cca586a1eeb2f78b029287e2ccc8fdb32fef09a1c17716feda86626f6d353189c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f833144d82e5bf07ec41bea0d97d2ae8
SHA1 a3e3503e04a5a97173424afb12d6802b10c65866
SHA256 1f2f550e59b2e9afa184baf6b2b58e2d80ed218e00239b5b7d54a10304c786cc
SHA512 6d9a5d9a799e5aa6e2fba29b1823d4e5432b32ac6c9c08c5645c2a4433117b8530413656efff962b8d214890433b984128d11715da47a9dc02c7a08a90d1b940

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590258.TMP

MD5 b7584e01c723d869d12685281f67f2b9
SHA1 ac03b520511445beb2fca62aadee9abc2736da41
SHA256 ad7370d99d62e1cd9e20a0bf819db9b70431848f90e7a05165caee3ba26b7624
SHA512 af8472cfcebd36c43083fdf83aa80559d8224dd51b47d42ac2e193ffdc84643efd41c84f41b8c772c5208adfa34c567d7acfa2ff7d102f0819cc1a1200502daa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4ce89682c862b6ea83bb2d9366ed20f
SHA1 46dbe6b44ee1d403ed1fbd575edf3dcfd5e14b84
SHA256 d7570f2f521a891b28e77a07e6a80bee968befe64587fa5951ca01d4914ba944
SHA512 8aee950d696f0e3b5064aa283ff2f8c44259bfc48bb3c061762c7721e28b3255525a1fb47ffd2017df11109ec06b2cab294230435e91c2cc70bb0fec113a7e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 40f1852609c3c9342a6ab54603020a66
SHA1 575d0e8115e77ec2e0892f563a8e07c6d17dd654
SHA256 b1dc09228993be1b8f95330cc2cc6f57e4873e0030bdf24cefde687f7b6f356f
SHA512 283916b70d711105d848f89bd8a520e194e65d91066da4bda7ed9856e65d2be8721068012d7281671e9bc3c6402f0ecee9875244a289451d053fc204643438ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e505bcb2b83e8690322963f53de166a
SHA1 ee7fabf3687dc0ec453775f60fb667bd4eae4781
SHA256 2f4efcde9b3b65a3e7fc3deef2f14a4fd8627a8aaf1bbef764a9611fb62059df
SHA512 cc7a34cd23c4d7161f7c601cfdc9a14f26e70595719fc34fc12d4d18d0e907811886d5beb58c7639738595be9e0adced240ed04b338900259471a6aaddc9ccbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 69b554f79f334187031f23f345631ad7
SHA1 c19e933f8d8a6635392e2d069f265c2067847a6a
SHA256 193a0adbc8b9119d007054b41beca829e3dd58f6215c42ae2a8c001b45556e74
SHA512 6c390d4341db18f9ea622ecfd3b99fd989594b87825c398fee02f80300e206c6ca67eb1000c0932489d990c84f08790460e08200691bed568af098c1a13b856b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f3247f205ec011c31adb60882a650d09
SHA1 bd24d2d5bf14759558c38fe29d3d72d068c20a39
SHA256 b353d6967ae92cb26fb7bf3ff4bd28cc206ae120cf7db2e69ce927e5e061127c
SHA512 ea9b675c1e34c435003755bac76b3fa212dbf28e5c36e9a79b16111bdc80ac29cdb60e18b410d23790e0f73c1fb114e73e23ef351fb3440e7730884a90ce65d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5dc983068ec8c766a6798b7f41ad195
SHA1 890fdda75c10b48948544e92f1775a2447393edf
SHA256 ba58544096d26d9c52a82bd9f33820d4ee75c12b280237465804b4ab79e7880f
SHA512 7aad11079eaac195b0b98f916d51c0b68f3b160b601937cfec56f7b6e1da1654ef00c8139aaf3220bfbe72b8b635422cf7a906b03715bd107b8dfdc836fa5371

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c43c67c447b3a5796cf10e671c33063d
SHA1 523897df936b63c96baed693e4af5d00253c47ad
SHA256 0277e58004057be7db8b543b1c7183e15f2844bff6307ee28334f5916ca6fe8d
SHA512 7f92bbcae025e2b85f2c8a3f2e30ce9e99df66aee91660803d394672a9217c15340beda41953ef498ea92d045185a2774572686cb6cfe16d23b7717cba3be0ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a90914b63d7e15db346f816471155a7
SHA1 d96c649fb2cff9a76a573a47ce66b574ece41869
SHA256 4249952d20cafa809b9913aaae8ee255cadd92f8e60bc364c4967d566f513687
SHA512 2590ca6041e1fbc6c57bc58f2e53fcc6e210a49b0e460b171d4e2e94e5e7ccefb7d59c4733ac535740b02c114e9787d78bdbc98729cd4e5b356186d06c2e0e7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\51b70721-2aec-46db-a8ad-a50a8678095a.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 69204da23cae742373ed8d94c36625c5
SHA1 21a6e53658a4b1751e55c9f352c7b74cea19eabb
SHA256 eb51e7648a54602676a6c121c19da559eff16e8a21f82eb3f1ccf139f5b635f9
SHA512 1f980ca843cc0572ec18cf76be66f73fa2772d3c87e79eeed8faa69d8198a63e75f6aaeaa5e6e450fab11063f173c39973cd17c73fe56e2ad3fb4914fb262465

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2015a106ad9a1a75e18bc835218c3efa
SHA1 269fa8d53870b762801e709c185c2ec529d9af63
SHA256 be24bd2b569ef0ae7bc9130e4eb989ae827aa19ed55ed2d95edf1422692a3b40
SHA512 e40bec392e04b23392c152c642b178236079d431818fa4570058ae50a1d50e914cce623b3a9533ddfa53a88a9abc785acddc76a5ae8294f8d19025050330291b