Malware Analysis Report

2024-11-16 15:53

Sample ID 240215-ffwncsgh7w
Target 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b
SHA256 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b

Threat Level: Known bad

The file 4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 04:49

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 04:49

Reported

2024-02-15 04:54

Platform

win7-20231215-en

Max time kernel

72s

Max time network

273s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9803CF21-CBBD-11EE-A5DE-CE253106968E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0cc266eca5fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98063081-CBBD-11EE-A5DE-CE253106968E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98016DC1-CBBD-11EE-A5DE-CE253106968E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1668 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1668 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1668 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1668 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3056 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2572 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1668 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1668 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2124 wrote to memory of 1352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1668 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 340 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 376 wrote to memory of 624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1668 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3028 wrote to memory of 1040 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.0.1532842946\521006113" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8d3ee1-916f-4399-bff6-1a1ab66e4a24} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1304 fff8558 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.1.1573496914\988284365" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a500423-ae55-481e-94c2-481bdb67ad8e} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1500 43ebe58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1300,i,9683012067316916020,10127430183356588153,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1300,i,9683012067316916020,10127430183356588153,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1248,i,17826273922616501162,3914919525176827866,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2068 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1248,i,17826273922616501162,3914919525176827866,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2540 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2552 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.2.1156207691\1790842690" -childID 1 -isForBrowser -prefsHandle 1064 -prefMapHandle 1060 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b947ca6-0eff-4b04-94f6-c77e45660e38} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1784 ff5bd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3572 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.3.119405448\1415570193" -childID 2 -isForBrowser -prefsHandle 652 -prefMapHandle 1968 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2951a097-738a-4ed7-bbc1-f7941f0b1380} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2564 1bfec858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.5.502136447\57143788" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd4c7744-d87f-45a8-adb2-efd0c2db3902} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3924 1f2d7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.4.865225973\1578555616" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29a52306-7e38-46b4-94cd-02519f9aeb4d} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3652 1f2d7258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.6.2041735752\521720653" -childID 5 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f98781-3374-4f06-b5eb-7e1984cf57f5} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4088 1f2d7858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.7.1201343600\1117946713" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a498dc-d14c-4dae-b274-973dc3eaabff} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3992 210f0e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2960 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.8.241415899\43705603" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4460 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b595ac16-224b-4b4a-ba14-6b642e357cec} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4392 2331ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.9.1907509722\1793987863" -childID 8 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63ba9e1-52fc-444d-8637-ad10fcc97e1d} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4580 2331cb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.10.576782655\776910703" -parentBuildID 20221007134813 -prefsHandle 824 -prefMapHandle 1824 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10fe2616-d3f4-445d-ba64-5d573bbb4342} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2732 12ed8e58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.11.1356674058\831242710" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cec4c4d-cfb7-4796-9856-8b833b5bb2ec} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4648 19cb5558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.12.1519535963\1880432120" -childID 9 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea63e0b3-6c87-4e69-a9a7-14c7ac721a02} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 5096 1e9c3858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1200,i,755144329097392664,3167105457849082493,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/1668-0-0x0000000000710000-0x0000000000711000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{98063081-CBBD-11EE-A5DE-CE253106968E}.dat


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{98063081-CBBD-11EE-A5DE-CE253106968E}.dat


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{98016DC1-CBBD-11EE-A5DE-CE253106968E}.dat


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9803CF21-CBBD-11EE-A5DE-CE253106968E}.dat


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\Local\Temp\Cab1036.tmp


C:\Users\Admin\AppData\Local\Temp\Tar1049.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\favicon[1].ico


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\favicon[2].ico


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WBTT7GW9\accounts.google[1].xml


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YVG8QT2L.txt


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\4Kv5U5b1o3f[1].png


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\favicon[1].ico


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


memory/1668-825-0x0000000000710000-0x0000000000711000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations


\??\pipe\crashpad_2124_GPDEQVQONONTECUM


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\73921e4c-acb4-4ae1-8dbf-b0320d430a79.tmp

MD5 3b3f9ad279d7c6c97b4f367548c43595
SHA1 b181f28159b7da7bf0eef83ce7789462cd8af7da
SHA256 1cc3b046c12cb30b29f834bfcf8fc5be472b7e045f9d8933eb91d0a5bffe493a
SHA512 b2e28516830d6f172ea24808a38a607291339ffa15c0ecf445ec7a10df8cd5e0e16153287900359b2bd4af2a4c1fb174f63e472b332d3e8002e4a1db7b134b90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eff9429b-a39f-459e-a234-d4518e9006eb.tmp

MD5 d85d56fbe57fcf33ac8ca9a050912b84
SHA1 363c0e544ecffd1bd7879ba7828db265502d1fb3
SHA256 ddb8390b7ebe37042f6ada8aaef47610227c7d12bdd64347984e41fddcdf0b32
SHA512 1dced03e997d8cade9093c6113076fbcd8972cf853c6bdd6e0416b631b29153146f142c0b8ea59291ae3a4c86abd2ba9b41af5892648645a30a70978097658fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_59A516344C9DC5A685E0396E8C3E0A04

MD5 55446767317d9ecea7c004b8557eee91
SHA1 221e938dcdf40405102919312233bc51b66b290d
SHA256 8b387c608ad933a7bd42b79a1ef55d42b823128fd9c5052013dccb1723855a64
SHA512 a2336c65ab778f985cd31bee461d782e8abac3badcf4750ce08e3efd8783b4134371685147a55526ab8cf5e907927373361bccd56163bc89dd0915b61a9298a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_59A516344C9DC5A685E0396E8C3E0A04

MD5 19ebd8af624c3f7d992cedfab39ec430
SHA1 fa066d48ee2806d09178dc3f963ac5a4d1503dda
SHA256 43261fd5888191696e68c1a31ef24ec80fb670b56f6039e6aa43715acca6aafb
SHA512 3c962997bcdadd3eda815cd41af1e02c12d3387cee396dfe6e6335b83cf836b312c97cdcf77d2448091a2c83635813bac1c95f0685f06216efea6aa0bbff2167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 a7c238dce25564a46cc7e6d012bf9c49
SHA1 d33b30edf99a1d81e586a5b4026bb5f80762e861
SHA256 f7da1f537687f8ec177eda0626e35a55a14efc8f6a2f2a61ab95c7b73587c61d
SHA512 3b188cb38e372443886e2b3df817ac0860f5653f014f1ff97fd530afad8b73e3a32d5db7df62823b3bf20ae087f3cf967112cfaf6bb1ccfeed995195ff80cfe3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 454ab4dc40417c4df27d10b1affb851c
SHA1 6bbb82e2c1a55eb6b521a5c250492baafce9948b
SHA256 591343b51dd3fef108374ad3c7bbb2b9a03064d4c33aa438a0c089ea3418b519
SHA512 671f4dc72100814445d1b27c932770f7e03b979c05b501a7f3d3d70240b244c69e5a4ed997b012aad393b5fdd2360ad5700bb63c460a48d346ef1c1a541051b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 6689910eeafe77784b48559cc078f995
SHA1 70fab9da18af0fe3f64a72469215aafb97fae7ae
SHA256 f50bf7ba4f89e79d31b6a3590defbffc68a4f49b337e127647c85b3a07f6f90c
SHA512 93652d2b864c9fc650b0605c4ffa791ba89e0bda5802f58e16b941bdb99e53a057ca8c8358f0e3277ba0ccdcd9ca2180216479907eeac9e9c8ffae3d92f4d456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 77b196158b847c341f1b71425a10b42c
SHA1 9d5b931279bbc7dce9140df06257740e37aafdee
SHA256 99973324e02099347cf2366134741ed017ee17fd5a0bab9bafecaa0b5561cb2b
SHA512 b63c9ccd5f6ca0d4e6beba1c0b3987b103c4cef7b840622b30cbde537ab2090476c98eb76f221413dc878cf377f695b42ef346d81be30d7b077bf18eb1d40908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cc0a33751c501a3dd5b87b8bc88a26a4
SHA1 555c512baf0ea6ba5ef723ec56c9f5f808558050
SHA256 7cd6ad38c993ab2c12ca9e011db77c73c96136a87e9e6199a3c925e6db83e58c
SHA512 0dbed4eebb2d0ab99cbdb36c96d694b52888bebcf35f07016fc85d66c5141d96c1eb4109708c5f2075bdacdf922cf2e3dcd75eb0fe51970468e106fdee5d5e11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 ee78cea1e376a1ca393a996533394cfb
SHA1 0de90513d8753bfbe951c9bb2bb0959b7e427de2
SHA256 7c6397f6cf3b27c242d4464e816f11011217404e687992ed11a77b72aa59eba3
SHA512 cc5dfe61dcfd4d77345c6ece069713a60dd1270d81dd576d31b56c6206dc2a5438158146b34bfaf1e2b6b8cd5af46e01ae29ba5e9b9d8cae00cf3fa1503a8773

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\a5291f2d-d874-44c6-946d-891210c8f7f2

MD5 1b1c2af3e0718a6273883145168658b0
SHA1 a5e52a1662201cef553165530581692b5de0ea3b
SHA256 34cee8c825d36245b68dbd26ff2b5a1481f0a38cc4ae5dd3a71794608d71180f
SHA512 dc27eab2828349b637afba96c781fa7e681c9b6be85e94befdc05b7f3218a90ba528f924fc130691754337714fd19ec39f0dad7090255df7009fc1304b36679a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 c02a421b2cd28f85c2b1de43f18fa2eb
SHA1 d8ff9ae3ec6362a9ccce007e1d3debce251a90d4
SHA256 b276d330d2a048e0ec43b359f41a94fa1c638a546abc83a75365fbf5f3dc270d
SHA512 01e3696b3397796a0818ca116dd026b6457d07df466391882f014300da7bd4442343842129366be0a1b574efc5fda214a1ba63141a5f7fde9db58b6935ab3caf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\b81d2f35-af61-4793-b063-883046e3370e

MD5 99e7392b0cc5bbd31125ebc9a004f440
SHA1 a1c78eae30084d1609e13aea08b81a36d618b685
SHA256 904f1294d82daaf5b3f11261545ac4ebe22b7cd5bc7415aa60a1f16f081d030d
SHA512 304f4d6b9a1d4718501454e307de55c4785a6cf51b4d92751936e0254251e0e3506f01339deec8be98e12583516b7950fcfb5dcc9bd9f97927109839c5e4e965

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 cda3dee25df42cb8096ee08db256eae0
SHA1 191955928e1e364586150ad5d84440253f8df8b3
SHA256 a8e56b84281129060eefae55b56a997be10d29c9c7105e9a3a0d97d25aa4fee7
SHA512 48a75e6aceed65266ba80689b01515fe2b9e8920160b8ed2d8e9b03328f083b7af999a91268215e4d43c62747a58a0d179628ce5b8082e0b242f0c79dd63b49f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0a464bdbac79207439f6e31aaa430911
SHA1 e08ee1efa8ab5aba1bfbddbe7bd6d06ed65acd21
SHA256 87808d02b6955a264a1c1eb834b00bae4aab09993d1556ca698f0e8822fa4182
SHA512 23561c3cf921cd1b8607975f97ddd11e0af02cea80c5b8813afb3e73994244bbc3f46c93a1634e54e61cb767f7804fbd3c18f911592b565a07dab02dc29796ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76a1ac.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 108c3a728cb45de57999e3a44072788c
SHA1 b146ee93d3ed7c33177c00b15b58d9ed798ed1ae
SHA256 dbbcf4ec32254ec8821af5f71c09f66667a928459b50504aa28cb33c8d4c62d4
SHA512 6473b00c44b1a4cb7ed99d25e363b58075f91ea7f95829fc21fadf84fce2240f5a542567049186ac6f4b4733292ae7b8353bb608336a8586de6705e9212e3e59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 c365979a72354c9be853f5fecd0c38e7
SHA1 0c92c2166249fc7fd31cf48aa7d8d574e1045c19
SHA256 13e0badb658c11c096692ada4a0791d7fee7420dacbc23b9c45e29dabe45e7a3
SHA512 47af6a7887178b84755aae97488b40eb1ea8b8832114d3243f74a527eb849ef9a66077d8fc20abe9b9dafed17828b519203a2242c0978d4e3bcc87eeef9c6095

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e2a389defc4a167f3fc187bd22c1e549
SHA1 4058a660174bbb8387f73ffd7b699e5a1d016904
SHA256 d3dbd08eb07ca5527e2a3f686011d0e914950ec8160640b11510bf1d50cd9641
SHA512 267048e3d92206e39bc7bda286dd65baacf50f801eb238c6e7459f242fc745797d58eb4e452ea7d5fc5a779cf4a2c026a9bc79ff76bb4d3c46be2b3c63b83836

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fa5dadff11172403686698173f80fed2
SHA1 95b05a8588a338c62968d7c16d01e17be4371d7a
SHA256 678cccb39b5b16d8eee824c95df46c8d37fa5cc9caad3d696f7d7469b5f95bf9
SHA512 43cd0109170348ab10316620de8c2883cf03ec11bbe48e4de0f9fb953338cd41346d50a13183f4f3dd7854b82d89976619f9d7a4826ce5f368e7c9f33537f681

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 42e11bb96c7052ff00d137dd6677e996
SHA1 f6f86171e922d8bb38bd8b68ba5f750e8ee7818e
SHA256 6732be9d2ac0bdfa50848dbc9511d64894c8598d0d993c9c95a7c7205c9bcbcc
SHA512 e4c4f4e03dc369ef71c6bcf52467cfee42ddad7342eac456ba384c1bf3bc812327ed2efe2e5e3564ceaa37bf2e6dc35c3440d96ffbe88f7f806d15af5fabdc26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{59692ce0-040d-47ae-a7c2-6e3c440fecf5}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\3345305960yCt7-%iCt7-%raefs2p3o.sqlite

MD5 32b59cf974e0a7ef1cf12bf22b2c083f
SHA1 fb2a1a75921729be596c96f6fa2c0fdc4b825f0c
SHA256 1250997bd48209cf495e1cffb48498957b1bab44b31f41e8f11de92f24c26765
SHA512 f586cebae4f0e1fcb7fb5493f964ec96086c21fe63777e60cbaac1d96e282d8d786e135ecb72b24ff0c382b4b642a9fc2657b2f28c9c88f8f88b87a3e1bd7052

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 70177880cfec028b5b83069d3223553a
SHA1 8590a48506d62ceb20cc562a5ea21091e51c5120
SHA256 90b03fb0b187bdbf955aab8c9794ad2919b3c8682b6d7e27aeb9012aa861d32e
SHA512 78c852cac8f39ae14b3f6d9491b6dd0b9365aac75205895494cbf52872a606e768d16bcac83dc4bb9649388f939333784beb44563442ab38d075e4e0ba498d92

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9edaa195-695c-43ed-b4c3-c13ce63d8707.tmp

MD5 0c90a858a9fd10464fbe806949cd3e59
SHA1 8b37fd1ef55b91689b7d275a8fcd4b28d9b2ab08
SHA256 304084cd5173e8442b16f2229fac0c555d0dd080022341eded8f241829eabdab
SHA512 306373629ebdd0224e0ef599691acfd277730f3e46d958bb68012d4496281acde05487f22ab0d0419ced8934ddbb41d2319e0c7b295eaaf654b7eca781de07fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f68ebc0cc1cecb317b29e611747ceaa8
SHA1 1850c0c560c8b634de352efaee4f0c52d5a2cbe3
SHA256 a1154cb53b130220a9dca686235528ac82c74e80adb9f0b5f48a9c208fa0fab1
SHA512 4d7078832fc18c76d61b93492c90fdc89e84697cc2f85258fa68506abd6062f42646291c3f4fcce713d4892d5ae436a998ed7fd7ddcbfed019e1cfcd097078e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2537768c510a49e91c604192be0fa9b6
SHA1 b2fc7614674e5dbd7d284f43803bb000d5ca3420
SHA256 ef9a7e824e8f13a3160f43a9d5971b58bf9ae5094e17325f050191b170f874ac
SHA512 75523289072ee895910ac8940cd2c7c836b4e750ffcca24931075fa06fe8dfb675ee84eba5220cadd182383faf4ed859a23aa8715eb0b0cc8698346ab0e64f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 86b82d2ac7c97e2085e1ae9636499315
SHA1 d4c54254bd987ace49d5cdc70555784cdd06a494
SHA256 5fe7dfe0703fc036423ace4868c42582f42e3b8b3c67103b370c9420e7bf0a4e
SHA512 8a4dbc29bb3bb5e65682befd4fe9221b126b6c2219f85ad0601961563c69559920b26e71839a683e8f8ebc813c95c0f7ce560ba9efd0a71b99a154b7afed3cbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 e7827e2ee73bef6967ad3fd2eda8b63e
SHA1 10dc06ff20a41d7a276bc4f89934f37f64076969
SHA256 4bfe276e4f496e3225e19c841869ad81b54e7c72a35c3b64e9e83c2a1b96272a
SHA512 dbc66e12b4526d5de1e9e4bc5264e8d3a39068b34d4036e092d23deeec1e47a7c97a51702872142d5a022a7631aa186866ed8761a65ac0b4eef69d06302cbf21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a00219c0b0db1fcf8ce1d1238e81031
SHA1 4a7f25c22a785dfb3af7e1392aacbb88cd890ca8
SHA256 bf3120f3ffd61464ab72042481d3f90c998197aa01ea29ea130461a33430c5ac
SHA512 306e4770db01e2b9a3724d7ac6c5bef7b2e36e5a196422c9de32b4b10b9158b7727b6fe8de1d501014406c8f9e04fd1fca1c27f6ff6db489cefef15ec7f60afe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e861635b6ac6d5caa0dfb9193988f5b5
SHA1 a40c2812859592112caca51b5c148a928c019f5e
SHA256 27ffa966fef7eaad45a8096c2c8c39dafc12ee15bc1f1754e82757574512926b
SHA512 9c043202fb25a4cb8d0dc67b4df033f78fcb7b6194a3fd268c403cc34adbbfb033de200c972cf3e1038f292a827a6863f1a031b6fa79f4ff8055477e9203fdb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e52e12e998845a63d4e7a24384ae8e9e
SHA1 ff4546da2f2595f0564fac5925e074483ae2cbc4
SHA256 49c960802b00c619bfdb42b4ba3ed6d880d61c3067126dbfbfae0060626ebabc
SHA512 3142a1811810971139544b0a7e241f9f2aa0e6c379898887e5491bf811710d976201d372812f5c9df697460ec6d3dbf63983ff5bf318b146755a2820ad982440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c3b9eaab4cf673e287cc1e4194f19e8
SHA1 a45ae80047c0999f8461b4347dd3fbda358ddd77
SHA256 b637fad65b0c4a186fddbe7de7bff384ba07f8f1e4085e0b1332f510732cd9a9
SHA512 ebf4ebb457b804326b7f6039591ab6b63c08237f7b9720116a065ea58f88b177bcb69d95d366b00bdc5408492d8800004e92a2f4049529d1fc656df2aed560ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8faef1ff24988f6f71103d385b8363b
SHA1 b0e5e03f2fd640709656375e153f88b7702ab6ea
SHA256 6f55da533d69b672842359d3a49a883ac2209cc25a51547567acf41e81c594f3
SHA512 1c98af9f877dda3f09c4a1e0501564c3852c1d4adf2cb3a1075dbd70ff4f5026e70c6ca3ccef10e6717c3a47b6e67d518e735a32ed2269f769483319d9aa35b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9fef2601c58382bae4a62ba337e10b71
SHA1 2c18cb0d0da905f9a03abafa027a2cc0a947f12b
SHA256 3b27a1e163123f84521422f38dc00c8a2cf14017be0580b0277c4ddf74c6b628
SHA512 34b845e9f5b31ad77b4850d71449e293f0d0e4e2342d503ee77db67cdd11f0bc6efcd982c1d539a9f988db32a35ad85b68df6511ebaa1dbf768209d14ec2e946

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43773ab78c3f26b0cfc0b35d3dcce7cf
SHA1 0bc9476a5813750aeb6350ce41ba2a29078d63b4
SHA256 c816936bace5ec90ab50d9a325900ed366ae3cf9437cf9fc95e45657acf6441f
SHA512 b3abef23bd9540ffb56baa8d4d8cd2a79ddd6a3ab930631ea036d819d7d7d9a480b025dc6c9b709982334b314d9d259febdd5bd438c12f329b8cdd4ffe3e7ca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 feacaf8609fd04c35aabb8c5f31f4044
SHA1 262ee491ddd26c89c10a4f8bce9d512191b05ec5
SHA256 7d66f94ed815c0509a276739727a4f0cf731f429100db000a2fe033cadb8554f
SHA512 27de10072c10c73357d572a0fc43e87ec50a4001e483fd5474aff3ef0a8a7e35018b022934a1058018f9b8cda3e30f9a57f026357d4d6aea6fc14690235343a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09651494a420859810ec394e5f702230
SHA1 318c7a58d87609e5ab71f2b22d34dc72cb97a1e4
SHA256 54fa93a646430958e5d6ca6e9f1f29519e46a91adbdd73ccc8df51eff08eecaa
SHA512 baaaed1c9fe55eb238071ff6ea26333a4bc021c6e21f3d74a0d09201655f7ba70e341ca72709dc4d4842dd05679be33697e7b0e10df0bc3d5c1bf09d9ffec2c6

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\56\{16304591-d400-4a7f-9c68-a3cd4eb47238}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\153\{9419a31c-faab-4f97-acb6-accb5e4c1c99}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\253\{dc78ddee-9b84-45c2-a326-087fc808e5fd}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 beea69f435b52214c866cf3b4a2bd74b
SHA1 4dcf62d7538f87176400b1c80e623f6f50d6fe6f
SHA256 c71198af527a5ed44be383150116d3bb2dd4684c2b7b522d2a21f3aeac1502ee
SHA512 21cc3946bb33514dbf804fa87170bb284e0b3a983b34f5db807ba15e48eab81f03d9abec648dbeeb735bb62ea66067edcdf3a20e582829d0ca90a2c7189e5609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8680572941d50e392cb31e260231ba33
SHA1 cf0821bfa5593a410d3f97ce9c1ce64563db4b3f
SHA256 e2e4cd002024cda10c341d536b7e1546fcefec010020fa14ddd73e60198f0da4
SHA512 1cbbd65e4e287d22089744db2d841390c36d9ca600a5148270d8dda3a4c0bcb57b01bea73a0ae46bceb172f4b60a88293df80c18218c16dc032524c65d7171ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88d32da9e0e48b6d688d0f3d2802c012
SHA1 3fc66ac40a4b51e854cf34b1879b6674f9671550
SHA256 f3d47083816849db0bd16535541232dc3ba8b8cc67beceee907543545b016cde
SHA512 3711f8133b0424fc726b9846bb1e36a87d74e75562922388db0ed53b1408635dc02cc398029a3a04a694f5d9b5b1b5e7474bda0c44a44d6f2137fc4c83ca9ab2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6e53f36ef86dfcb43c6e68da6cb638b8
SHA1 d8bea76f5cdad1d3f05718ded7d7e5455f6bec2e
SHA256 eb7d6028b3c8919ec6f85b2d872297631f77e8c79269e7dee030913ababc4894
SHA512 6e045342b59e58a7ae7186f0289cbf42abf2d2c54b5762c54b9bc4775e299e88cbce25e665a748db6b4c8b34c320ff86335e8d2a8eff3048592a0ec864bc1dfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8388c2a218a3f289b18f2a5e81e4f3da
SHA1 ffe24b0ca8ae77d64af3b905b856e8f30b04a52e
SHA256 0898e03759ae5d660a29bdf52da2ed5b6eeb228ced941e7ea6aa8821ef164c32
SHA512 9cf8144b3fba1310f6fa32c1aba14da29e6ddad2a61c006228faefcce21f2f60b222bbf7be05363f213602ab65f598636c085236f48a96b809a28c986c641fc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5997d0804662019aec9093ff90cb9c8
SHA1 779cb081efd5123185371812c3d145af0d80266b
SHA256 fb5a170ad410b2cf9c1df5daef5ceb016b7aa0ab244359588475fe624f2d261e
SHA512 e1fd2110b17a04d8831bacd21da1d86ef8fb2ab3c204804497362eea1a882f80bb512d22729c7101eaccba3897195fda5039bf143475ef600e7792f93414b2ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9195e8266a08b8ba02d37e83ca6f5fc7
SHA1 17908bc7afb6607dea2c827498a7d731abe6d6d9
SHA256 cd06d1db5f8c9f86afe945a8e5ee817c9c5e734fc0cba434ab1824934e37f3a7
SHA512 ef4179d6ccfda78dfcd3e1c7d039b307dc26356026fe5da9d4878c84856e00eab2390e88b1e119b90e864342891f69bcb80f0523ce4269dd564e159dd2711266

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 75daac6ec020435bbafe1e75e94244b8
SHA1 05c4444f1f5a139c3fc6b9911fad986a413cef87
SHA256 5c810309040bb08aa7e345b36fd7a73993db042a6459b5fe98bcbaadd37c0df7
SHA512 a95f59c3a809b0dfcc0d2be537e36a8e15a4da50c7bda2dca1228e296cb0546eb9a8e516d6e9fb31fe1e912f1b60c5ceb1e6fc7386f6fa749dc2ca384a1ecfd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8330c0a81cdef224440d281fcc36d653
SHA1 79c8f87294fa8644ab5fb3938bcc0c489c253f75
SHA256 aa25405e6557db2e048905990855db7b50ec76e326e813c0b5347a03d8a4970c
SHA512 fd64534a8ec85e9f17c730d450c878339a020e74310e538f8c5f08d2be8826b0fe38409997be2081f243006df7848de93bbdbce613b55a9e60f511239e7e24b3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 14b4e8d39d6d1a06415732ea1fc87275
SHA1 7ec899266ac6e466a75b5c4a8f4b9e020d8fc784
SHA256 3ddefeac8d3c52596c71d1bf91bbddc2ccc54f2df6317a48bd7ac1f45e81fcd4
SHA512 21764486d020c70a280936dc7f9104fb1d4462edf12d4a86d2e21947b185088f67e4b79ee046d545bc2e722c8f1c7124d0279a0e810b6d0dced4fb643702b607

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 952f9ec34453c750de1a7a16800c93fb
SHA1 fd7416fcd362d89213effc86a42e387b5946305e
SHA256 daacdd8250ee71bb8a85875b153674375e588c81b09427ce816dbded2628c49a
SHA512 80b0aada6f508fa4f4d36aedd07b0c94fa6a6b3b40a3f6330c4ab7f42bea7476c58e7a5846dd0261a6ab32b35406dddd1d094a9f077a88a87f74326d0f09bc22

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-15 04:49

Reported

2024-02-15 04:54

Platform

win10-20240214-en

Max time kernel

300s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b6678275ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{B6CFC820-C3E9-47D5-96FA-F218D6DE3404} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 505a79c6fc5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6817c461ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 9056b6b0dc85da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 29a85161ca5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2052 wrote to memory of 5028 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2052 wrote to memory of 4284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2052 wrote to memory of 4848 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2052 wrote to memory of 3252 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4884 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4884 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 316 wrote to memory of 2300 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4884 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3800 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4884 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4884 wrote to memory of 5160 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2308 wrote to memory of 5168 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4884 wrote to memory of 5216 N/A C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5168 wrote to memory of 5584 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5168 wrote to memory of 5772 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe

"C:\Users\Admin\AppData\Local\Temp\4daa6563d0cab9eb6909317031b4a9cc8ec8ac53690301b61d3ba09bfbbb352b.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb20709758,0x7ffb20709768,0x7ffb20709778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb20709758,0x7ffb20709768,0x7ffb20709778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb20709758,0x7ffb20709768,0x7ffb20709778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5168.0.808357247\281024393" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1476 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb93ac96-3a8e-44e4-8c2d-e75e19476851} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" 1668 11f776d6a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5168.1.133458091\476215609" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcef1061-5d96-487a-a103-eae8d4461ec3} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" 2168 11f6d1de758 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5168.2.338837087\1448794189" -childID 1 -isForBrowser -prefsHandle 2604 -prefMapHandle 2704 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5d2232-bfac-4b43-a38b-ee1673e69d62} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" 2988 11f78aba658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1868,i,2403155366602401295,6083939661388255690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1868,i,2403155366602401295,6083939661388255690,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3724 --field-trial-handle=1800,i,3125767420663153357,8318493634034656069,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe


Network


Files

SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DMPJI86O\desktop_polymer[1].js

MD5 b21a4c7669d700566169e6dd45aa2b3f
SHA1 d35cbf4d030c764def6feb43146e78ba89650db4
SHA256 99740b06590b1a0c54430898a5acd490903bca359dcd84271b1361a319b16201
SHA512 9fdce56da5d9b2d143d9b2a90861a7312c589705990722758fa904d5ee63e58753104285e9b6b373ebff047a42c81dcf44d31b9c86666655d2a8f0361156b698

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NWHE9DKY\rs=AGKMywFTtniNACXuAWHb4uuD8tqS7DsB1A[1].css

MD5 11047f3901344d0ffc9f2db45b067338
SHA1 e31be90da2023dd445924bc9b0e762b0d7d555e1
SHA256 95032e1559d77bbc652344e81adf18870e25b2d9c57255d505b1de1cfd956f48
SHA512 b7c49f2f413671f624af83377cffabfcdbcafb10462485d699bb22a36718ac8817f9a17f6057d480e92d25b3564fbe254be3075e3cca027c839dd613b64d1302

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NWHE9DKY\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NWHE9DKY\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y67IFJ6K\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 fe1a88fbbe5ab9a099e108ab16f0ad5b
SHA1 5146fbb8f53185079036482b360a38a882cab323
SHA256 6fbe354315a859b104a49ece794f29b51b630c29fa16acfa82c217afb04f22dd
SHA512 9762995332513a7e436184b2dc64a23c2baaa9da92ca24bfa74e6f902443c18c39d2d6f399cc1c7595b98743a69e2e783f544f7576ec3c8bd5e3f5278834ba18

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 c11c354896738fe01a64b3bf5cc578d0
SHA1 7f98d46e09295bd4f0b7ec6191511c716882ec08
SHA256 c805c818c05e4ba3209c612eb41678de80323135ae8eca21d6268d7372d81dec
SHA512 949ae923c8407eaede46980acd2e45d24b9afc03abfbe2e6e9c80d207a0525403e98b65e7f7687e514c84545d8c315d67e5fabf9c9fe4c950e191441c526e11c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ca65cdb2a03fa4ff134ecdda6fa5acf4
SHA1 5b12dcdc6bb954a12c80991dd22ff676e2fc80c3
SHA256 77edcec9f93c27596fdce017ec5c4cea903f1d35b78f1db4d9f8dd38bc9f4cd4
SHA512 9f1c0544ec1183be027dcc974d3956ceaf7855718534521d2df4aff79e0eaca74cb4e3acf39d06e6fbf7efd1739dbfbd8aec5e7c25459a8e8d62633295037808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2752_RJLCZOVCWOROCRTC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1f82cf02-1c48-4937-a69f-88dff3220e98.tmp

MD5 f6ea7987460e838f05756672c9cf57f5
SHA1 08d80dbf157682bd3d3c4edeefad527f71269e2f
SHA256 0a3485a53742960ca51fb2ed1ebc9a597e977ff95b7f706153095f0094a82fbf
SHA512 654bb0cbb24027081111d1f986ee28323c8b0336c5d93763f01e7cf5d720d92484953e7706935f6f45730215081a2388a5b741450d8ef7b34cb0f96cc0214944

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c1547f24570b261abbbcb67e101c0c5b
SHA1 eb3624f03df233f93381e4088321b976d2b17d7a
SHA256 2e624bd4cf45d7213567b54ad224a95a1ca99b0583dbfab987cb895ee6111c4a
SHA512 ab9538c6c989a4e82fa34c741b71c764f572514406d0acdcb1194150fb309208031438cdfc02ef04cd52375a8e56f1d936034650d92dad36e27a5942d5dc021e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\datareporting\glean\db\data.safe.bin

MD5 5e65300182d8d920a693428181402863
SHA1 a0357b26fc26e03dc3b78cb9c6e5b645e3219f4d
SHA256 d7d400b9bdfe5f5bc1b369593f40bb696df61f9570bd4f68ed5e0365be608984
SHA512 556ec3ae998ba9677e7ef9666a47031ec273f0564da54220164776e4346f17125eead644623077743f23bda1827f6865c6ea0722fa703a079b3c42a938334d7e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\datareporting\glean\pending_pings\bc0fa39c-7b20-44c7-8623-0e4e0397a88d

MD5 e6a6c83f3daf21e80784ffba0b8bb41d
SHA1 2e7f7a937e2e5722ef09cb394d7e937f173ee3d6
SHA256 8476bbc50c3112eea597f8a070be4a0d685acafa2b180cca72127e2296fe61c1
SHA512 e59b563a467f967e5ef7b0c5304861143bfb22b51aaaed0a7cac8487ea6f51e1a491dec2fc366e08c84194a2be10e2fa60a42b96e7cac0ddd0d96edd143dcb84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\datareporting\glean\pending_pings\8c396f94-b73d-4b88-ab18-a5c893524da0

MD5 f19d7a8be146463473aad254431ec3ff
SHA1 01a16b79c584f4c327f19bfb2d9ab7051de3e192
SHA256 af9baf153111dbb1563b6cbf25719ad189d276e5a6aae038fecb2500facfde07
SHA512 b6a507868ab674d19070bee1b88c66ae676cfef2c9c7d528d1dbdf8b33176b10cd58ca02feda755abfdb0d8acfb229ebb9f8d2d1f6a444b5b258a11c39f55beb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs.js

MD5 25a297d3d478b34e701047a9eb06c849
SHA1 22bae4c84e3f88659d4435d22e7eb93cef2fe2d3
SHA256 c99eb56bed427e6d506c68196518f16adeb55e15575a8ef2bcbe0fcb77c31200
SHA512 f2e6099bcbb1fad141c2ff50784a74c7c79189c5111b767c008aff7402657d3e64cd9f88a9b838f81cb0f5fd7f540d94dc5fd424c1f6e866fac11da2afd1a6cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs.js

MD5 9195789c4e6a2f6cd0323f243b671b94
SHA1 5c8566f5f3c96e8cbdffcaea7bc452fa451ea0e5
SHA256 e1f85ec03d378270223e53c5c08e428a22374fc12ed5ac1e65dfb2b020666be1
SHA512 9eeacb76f571486fc1a49671187787beb7f0e332064ef098af9e078dc6d36bda7a6a0d2fc156f7c93306c40f2710d771033e54956f6f013d062bfdfe143b156e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\sessionstore-backups\recovery.jsonlz4

MD5 303b87cada90ae48490a71c527abe962
SHA1 34c48d2082fa73ee79f610cb9654380d4f57104a
SHA256 99b45b7a23239cfd8324d4ac161ece6143f19218f2296d3f4efc7b87b2ee12f9
SHA512 5ea32200eee1670dbe806ab5f565b6bd51c940726e8ae2c6886edc59d0e1e48ea7a6c3db943e3448ed22c3cdb4425a2a9cc968a31b0db0ca25b8953b98d0c21c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs.js

MD5 584761d6ee605414e8ceb5bed4345252
SHA1 221427360840cbb7114a7e297fcec81683ffd88a
SHA256 eb7ddb407b011ddc31593a0cc635da85e7d41b00e95d0fe963a5fbe6d4340bfc
SHA512 63b6788f41dce017b8e30e58c8eb5b5647db53f745dcf9c3942b32411c4148246c6f9b7178b36750ea87e60ce17620594d9c9b6971072fbb5146bcbf4f88f7cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c42d06d58ee35b376b7575b2553dff7b
SHA1 5ae3b997687ffac66a744df5e665b17b2519a201
SHA256 427000678bf03a8b1ae196918d5380f800aeb37ab07ebd226d5ca2a88b07c5ab
SHA512 9e7eb54ac8865a71fbf84ad2e80ba1425cb4914bb10385806049a3076d3241ceef88190d3def62c7589f539433b5ffbcf460805bd6c438a91842194da1e84cb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78e53e2c21dd4752f44c591e23c7f5e2
SHA1 f99cb3e09c81c64788418e5a3d1802b5f226f25c
SHA256 0978d8a2751f05422ac6fa884f24a9c7f0f4ad2dcb4c67eec50d3869f3a18b11
SHA512 188e8ae64a61d0b36ab426228101c4971c78b86f487d026e9194361081ce8c8358e08c916016961f81ea0798546b1b043ecfeef189670ea124cffc2df1d1ed73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0aff8162f23cdb4106dd185fd64b5e91
SHA1 11b200bc8a9d4374506c95b957b7b4291c3d3ece
SHA256 b30c17d69cd7a6cedf785b3db703b1ab829c2a705838c1384b9dca1a2a331235
SHA512 b984c3b6a886c9fdf361ab7cdde9ec1433bd0d406399e2f55dba21bbb00d34d08ee6a1ee569a746500de016ee0aa06cfc8f4969f6640e9831f01488034877064

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\storage\default\https+++www.youtube.com\cache\morgue\127\{45f50f02-2515-47bd-a721-e8409d1d367f}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\33R0BFZD\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\storage\default\https+++www.youtube.com\idb\1137274957yCt7-%iCt7-%rae1s1p9o.sqlite

MD5 3d844f544fd876dd4e49c2c5a08b870d
SHA1 d5d632da4e1842484c4f46dc124fb5bb7e2bc06a
SHA256 cd18b2e6c388564b7265ed0c46361f5a53a4550d96a35d1c971b252bcf05f103
SHA512 be2311d1b33f4172aa3d94aee209b7609ac6a3739761435b9e1a5e6bada27b70ef568ead895f47158e69138c6cace136d7aaf50e14eb72f13db7bf4702473f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2752_1435407832\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 733611a7ed0c32c35f1735239f2b85e9
SHA1 f395e7e3e927833b6983aa065161464d1fd5f728
SHA256 0606cd3f099bb0a902fdcd021549298f7f581a975dabd1010f1695ed84861f4d
SHA512 abf66a1fc89fb43ce436b0baf22b167e4ffea435e791459a4801501fc299e7f85ab530a816b0a8ffac33ab913ede49031f10bff118a942b4f0af810cd60d5feb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583a83.TMP

MD5 51119b9e511007e52166528f6d616d6f
SHA1 6cef228377db18ff3df20dcf44d6b3b5ee56e9f0
SHA256 609e38f82bc843d1e181a891d07e6a3feab3267e47b581e8d1acfcba077eea5e
SHA512 4c585f727a4f4bdcb5f0cab68d2b670908a4a1e3d5d2da586f5881e0f1fdc16639ec31c39027db8927c5c98896ac6a3826392b2aedaee19ea6bf262cdf029537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7c7994116f6f72267b32399e7c33917e
SHA1 dd9e89340da4942b520f198cc0949c44168cde72
SHA256 b106784f2f3865ea325b841dc558dde64e18296df88e121332ff3fb85fd2c15f
SHA512 ecfe14386e41a40cfa65b2973e1e47fe133835b23da745153a406acce110e044cb62df7fd57948a5c79f497d48289a4d6e29d09af6abb1afbc131e768d6f1d95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bbb4c0a5e6360ab715b74632c9af7701
SHA1 9c8cedf0940338bd3d13e36aff984f99435a2b57
SHA256 dff08d61fa5011176c945c142fd96731821d08119be2662b3f8b6ecddf22fded
SHA512 97db9f04be2e29c91cf774fac4233f8f0b6ad679005f37e3bcf0df33380ff809cee0bb30a1b28927fc41fac7d41d50a3dd4bd1756f5df24c4c49dc757ab2d4ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1663bcb81e1668d2f292bd5cf551d9f1
SHA1 a6aece5b2200d45be048f9ba2140d0d9d1b2b86a
SHA256 bbba6300943309fbeaa9ada34c1d0b823b138512e914327419fcbe79c076648c
SHA512 68c350ce2118fc58013d491fe7578c410762aafcea822a2a41fcfaf8042a1bcf58e67cb63af4f309bc9dc1f275104d780d88f22e30603153f8ed9bb90904425b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\storage\default\https+++www.youtube.com\cache\morgue\198\{c632a8af-dc5a-4133-83bf-9559ec18c8c6}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\storage\default\https+++www.youtube.com\cache\morgue\115\{6e774a45-f26e-46bf-8cf8-55790be65473}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{166570dd-54f6-4c9b-8a3b-377fac0fb9c7}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs-1.js

MD5 dbcd6fd1e5f434c91ade97270c1d56c2
SHA1 345e7101667e6859afddc02185db5b2c1798e7b3
SHA256 ebe45053a18039a1a560a8f4eccf513f2149db7285823e6fb811ee78a3584f23
SHA512 88a15c41e356a45a0c2bc0744142381241c28cb3e894db42570b9553cca4dcd54e5e08003baeb09339c134862c900d172d5ea803c618e7edb1f738e0fb6c57a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f394d68d0fcdad6f845309040fcd2bd
SHA1 c700b724fe2c0f2c4cd2a9db16398ef1d4895b4a
SHA256 b2b6a7224be36144135bc98b07152221dfadbe17c96619c6c0117cb4e0e463dc
SHA512 380bee2f0a296c711874cd60ca731be574a73a5f370514ee4c79b319ff46abc65d0d781e8102dc26324b57093acc9aa915abd5566bfeb28e90b349447ff23a13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 50601234d6553f12a3953c43f9e80475
SHA1 e9dec13bcddd47b3210fe4a4f7d6e91e30728620
SHA256 d057db82b97e4f6954270898ea38fa84627cbf5f74f2e0c3b079cb18a93bbc6d
SHA512 5cf8443fb6598efd64dfd14a54149e2ba8d3e70c639a5e3d72a4df8b49fb1b81f82a375b0781fb14dd350e1f661bf1959a4e14f8989a8e0b4f682d950251cd24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589093.TMP

MD5 ce9f69f5ad4b622abb350d4b32647447
SHA1 c60ad294896d0efb22ab3b72ea01f78eb84bd13a
SHA256 50ef45ed01ce4237d5612d8fc78f4f7233f5bc9e30dcafc08010695419f7b17f
SHA512 9396a10e70dec68fb532222661474af70219d65010a62122ebaf6eef9c6f46be8f7315da4e11d2bb7e5c7fa65cc1f54b41a4b0981aef74ee65eb6dd41256846e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs-1.js

MD5 42aa56aec6f1bc4f29090a585481074e
SHA1 1869249bd521ae0a1192a8cd2aed62ddd749a97e
SHA256 ef65d01c42f7e0fe84e8ee25a672809735c25a7045082e5dd8b94a65a5fbe19f
SHA512 e3c0f7963755673355b47c4e1f6a264167c7e2b2f7c941cf6e763291472d05f5d631329d13a46d418956a315e1d64b6d928849af20b37ed5d18cc8cd5ba8fa5f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LFGF3QJZ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce143f28f592fb0269700447625c5fb7
SHA1 2ee2378afbcac0fba0baf4077712481a20d33a35
SHA256 9314bdf2464b33ce6958e6e42ebee2b95e7adbcdbb9dcbe46aaf6c5985ac6e66
SHA512 65e4b46b75fe589b8b85df6feb362698bbb57dd4d823ed2827da38360a88b8d6bd9ab45c0cca5d32ebb65ada8a0313427f309121a358a64e19208822b0acf4eb

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 bef05f9301223c18dbaacbe480c0ecec
SHA1 e978014131e752d4033b43012f862aeaa74813d3
SHA256 97b09d50f284b3d1afc7b2ee75c5ae6789934ef98f0e911012f5d3a69e449357
SHA512 b28c204e3daff60194d671e0e57424be48ff8ff7f6605677cc0213eca66e13e31ba96116d503d37da20fc3b1cd73b5ec567e7211977f648f0da8a1a456791165

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 3e31c99791b1881a8d77b6ccf69874f1
SHA1 980993ad0376f940d0b937e7685971ef2088e634
SHA256 9485cf50c9d20aee320c65e3e5c1162a95ea12e4067c30ceab416e07174fac0c
SHA512 b542645f900a3ff8b02729cc43b19cdbed16df7fdea41d9494ce99845189055cc528b77487e16a6611b2a750d85cb71ecaae75d7d5f31fb395ab6a28514c8221

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 38e888508318e0940b23ec366cf4b04b
SHA1 6066797a783ee8a9af586a941755a6cb6b707192
SHA256 78ff77e0c20b6aa78fd96449466fae0d4a31607769c572df232e503d0d2a9216
SHA512 48b4a82350a5c5d415b53aa44641788bd26cc3312e121c01dbe6f56108ff59c5e713c5def39f09fd9b5dc480632e70fe37a446692b246b2fd56d4c368fd3ec60

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1e9d1748980ea4bd341d374f454ed091
SHA1 29049f469750b4159eacad8b7645b8df56bb9ebd
SHA256 4163225f746e85327ef61eae1766a7ca68316cd89d42d5625af95c21d8f741be
SHA512 8475553010ff37809fc51fa207b919b0b9c811ef940c25d392dfdb3c3d932fc3a7ff23d7979931e2361a5c4e4a066721dc0d1422f08b4a40baf9377c5352817c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 157e60082f003d53b7e4b8d114d279f5
SHA1 2a1010322ff1608c28ca996d29b2cb7cf56dbb99
SHA256 ea557e6b742baceaa641d560f41a1529ca99db285ef66cb723a86a9c673d6067
SHA512 8c9cf617e12a858fde059959d6cdcffdc42e8926370eeca07f904ba4eca16480a9cb8514704685dbdcba589a63b44aca7c95401dc7dfb396d8dc793106e7aec0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a93964684bbdec2f474f67d4820777a
SHA1 662cc0756ca8d5521106019684f8332da82282ff
SHA256 2a44c120a55d250d1701e092c4a186dd831750d3272b602e7d4002266e62035c
SHA512 6d1641712c7a518505088a55218a88298648cfa7e254c0a42fffebb7a722475b6a1d594a6e5e92e33dfea445d450ac133cf56cffa2a502143933ae967442d4fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 038bcefd7f3d38ff1bd3aae0bcef52c7
SHA1 311a9bf6d7658c4164a0967be5509285464e9657
SHA256 391d3e70379bf21fc56dac490df07a0d29ad44e798853e422971a62cfb5cfa18
SHA512 a915f38fa9d6f2b43f1f58afb29f53d473046930a52ebf89119e493960ee22297beedad23ab10db1cc4832b0360a831fdc955654982df96220dd531c9d0e68fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a31a95e045f9ed212baac0a7d8400677
SHA1 e9924dd2b461b8443e5f3a1cb16758f1c01e9e71
SHA256 2a1acdd24a37ee047345ee8c6a3025894c34d4511ced4ffc7d8edeb6a946824c
SHA512 dc6a284efb60e3f7d11bee2b7ee78bee3c29832f9ae49aa3e2f68319ad8e99dc98a019d4f15f7b79b5cae4663d8dad7cc97dbb037d526ef8bab49749cc9fe1e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8f9a95c2aed77c8ff157f779612e7696
SHA1 7cecc2020c7614f975015b8caa2a4929e6bfbe64
SHA256 3bbf32d24e98bfac9c104559c4787e453b2203791c93748656324b41c8fc3cf4
SHA512 36d82807d692ffd533c32dfa8a61703f3f6a03bd54c9af889609f4c768c85902f2aed4c68a79ea600878be1cf823b58ba35e484afebd328d565a0a7d458dfc33

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 a92b4c1c79a6f4f93e9d337f8a303559
SHA1 0cd5977d1d649c03c22dad31cb58f36ee4923042
SHA256 5e534e778b67bc043be29e43cfa5b921b276a132e05387faf3934beed20792ad
SHA512 699dc3cab2092b0c015f444682a50d2894233fc0578b2b903f0b7b26d4194ab3d3c0969dca3fac1aea1d100d45b032cb22c1e40ca43b02dffc7bc91799901fc0