Malware Analysis Report

2024-11-16 15:57

Sample ID 240216-fez96ahf9t
Target 3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f
SHA256 3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f

Threat Level: Known bad

The file 3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-16 04:47

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-16 04:47

Reported

2024-02-16 04:52

Platform

win7-20231215-en

Max time kernel

67s

Max time network

283s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80de5f629360da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C30CB21-CC86-11EE-9FFF-CEEF1DCBEAFA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1700 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1700 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1700 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2524 wrote to memory of 2620 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1812 wrote to memory of 2976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2352 wrote to memory of 2880 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2504 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1700 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1700 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1700 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 2096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2848 wrote to memory of 2512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2104 wrote to memory of 352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1700 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 268 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe

"C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69c9758,0x7fef69c9768,0x7fef69c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69c9758,0x7fef69c9768,0x7fef69c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69c9758,0x7fef69c9768,0x7fef69c9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.0.753599411\60176753" -parentBuildID 20221007134813 -prefsHandle 1188 -prefMapHandle 1112 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45399f7b-5eee-4d0d-bfef-2438a88eea6f} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1300 107f8758 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1304,i,362395816905841940,2861897668508016423,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1308,i,18109868978235055292,15880983316851725915,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.1.81498872\2124506228" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea71620f-f59e-4c28-8aab-27cce9bb8dd6} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1540 f247a58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1308,i,18109868978235055292,15880983316851725915,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2276 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1304,i,362395816905841940,2861897668508016423,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2672 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.2.1000649673\1849758254" -childID 1 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51dcd409-e0a5-4c91-929f-79d10f44c0b3} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2268 1960eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.3.1440772077\1623943036" -childID 2 -isForBrowser -prefsHandle 2672 -prefMapHandle 2668 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eeb5811-886f-41f1-89aa-1b4dc481ab76} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2684 d61658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3440 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3380 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.4.1262043674\503515318" -childID 3 -isForBrowser -prefsHandle 3724 -prefMapHandle 3712 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d06b8e6-5345-4a58-8dfc-8dc7fd07524d} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3728 2065f658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.5.359465635\1436028795" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c95a4354-1894-4bd2-af2b-be85f5336723} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3944 20b6e158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.6.1835383360\1136721668" -childID 5 -isForBrowser -prefsHandle 2748 -prefMapHandle 3828 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76986cd9-172d-4221-912c-d93c48b38ebf} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4132 d6df58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2232 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.7.1565584152\2060239913" -parentBuildID 20221007134813 -prefsHandle 4352 -prefMapHandle 4360 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccb7b7a8-10ee-45a9-be21-cc1bcb2cf027} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4204 21db4858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.10.749740425\319079868" -childID 8 -isForBrowser -prefsHandle 4424 -prefMapHandle 4604 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3706a830-a57c-4991-9661-fe60c1600dd7} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4684 2059b158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.11.796648400\1760693845" -childID 9 -isForBrowser -prefsHandle 4672 -prefMapHandle 4596 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1023ec69-e39f-452e-a385-a0e9d03f25cd} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4856 21db1558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.9.137680344\1049823304" -childID 7 -isForBrowser -prefsHandle 4408 -prefMapHandle 4404 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63c50634-114d-4442-bee6-413894d2fc9a} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4516 20340758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.8.1970066197\438697420" -childID 6 -isForBrowser -prefsHandle 4396 -prefMapHandle 4392 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94176b91-7fec-40dc-b5a3-391766c97bb0} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4428 1f041c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.12.628718065\1782883326" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4836 -prefMapHandle 4396 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12266a4e-c0b8-4613-9f6e-99c1e0a4b2f5} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4824 d70d58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4080 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1284,i,10456616348090004611,14644737379847453602,131072 /prefetch:8

Network


Files

SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 45f6446c020850fb9a62f0db8b650d04
SHA1 83b1e27903668e718ca962aa089f9cb6f9ecbc46
SHA256 bf8b884e2ec70b195ea1723742ab308bd63b75fcc113a593d1a852f28e92d110
SHA512 9d0c9afdad73e35ae5d664822910b16382de304c74a27814980b1141867e8418e864f2e8504fb4fee5696f582c0ee1e982a38b966a0aba298c96688fb55a216f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\67f57530-0373-4618-ae7f-2da1c1a063c3.tmp

MD5 b834587b245e9ba5759b3f8c921cf31d
SHA1 e010d822cb124be644fbe0a989d5a46ea900d8d2
SHA256 ef1c5ce79f6f8f028937857716140fdaffccf63591edb8403af17fb72da88a9e
SHA512 cdff3f8a7bf5aefe74657fdd069e690b77fe5288120af117cb4ddf8b6f97d5301ff3c88d0a4c4c8566bf366c4c4cbbc7cafc3ba7564ce7361b03477e372e9f05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 98404acaf82dff5c6ca10b86ce16e8e1
SHA1 4dc36e551c1efddc325c0a0b2278caa246952172
SHA256 87855337b1101b3f210ad234812b3d094349b28060217be5d227b925638b6fc8
SHA512 068a8d3f7e0abd1d6f401f085e214de3a8c9a8f6e0caad8e379e491924ae07fcb04ee5b4e4933a5db60484e07963c7ddcaa1a20e049a5c9e7d280e723456208d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 406e8d84b16d86a8e2b8961602ce662d
SHA1 ba5e8648e229853c21dd22de48875816c1024031
SHA256 db713a6fe7eafb68795256ce3331d2627d5b69e087f32a13902945ea7c4e487f
SHA512 9265f274c6ccdabde7abea6091e5957c4edbdeb883f153c9cfd6d21ea603ff160c1535a3cc5f3c7869a406715c788cb124167de6e8caa913d8209b8d621ba008

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f869ba7d030ea1c8b878e97222ba52ba
SHA1 b48c42021dd7c51c57f2efdcbe1ad63874079af7
SHA256 4436f26ce184de6590b828a10de740fd7de9a9608897988681b2426ba859f3c9
SHA512 821c8e0fa0cb57afc67289726b38cbef134d45698c78b13050b674ae555a74ea33c8ca2817a1ef384b065a3826e5f19e97ce48ee71d7b6d0f19b3983eda35547

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\368a50a3-3cc8-44cc-a8ce-b9f03d8e4c2b

MD5 e268c9baf34ee7b5769354d0661164bd
SHA1 ed9d17b1eca6b8b261ac34f06f41d3ba12afc5c7
SHA256 189793539024050af65e405c4f73553d6f93bd9b0c290d9980190c18d45943b6
SHA512 d715b2fb32cf7057e5e09d6d35e6bd7ed30e4c7351ca40f67e101062c507bd1adda7fd0c73c357be5abc53802d9ca6e4f2b644bc0b40db0b1146d32bdba22451

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\019dd43d-e8f3-4794-9a25-9e8a255fe3b9

MD5 401aca8a61639b7d559cde09892dc363
SHA1 00fb53caef8e42b93ef6b3d43440648732bda367
SHA256 cec811d3164185bff0ea4c71d6f8fc3de750d6961331c7732e163b13fe04586a
SHA512 d8c3e1fe704357438e6514b50ddb47ab447d55d1acf82a5033ef677ed88d14f7d3893e95f4dbbd03655e49abb1219a37cc3a94b58e3d8e8f5b29b2e26110e8f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_AB52DA1DA93ECD4D37595A195AF2666C

MD5 0154ed306537dbcd7247944d2fdde907
SHA1 22f560546aff5814009fcc5ac479534bfa9347ba
SHA256 6e979c8af0bf53a030ed764743c2e9ff2f406f8dd3177b3b01fdc7a6efc811e7
SHA512 6878ccb773cfd435787680c688d4002c966c821c33493f6a3e953d7bb0a871d1240e02111124dd91ce6180221101d9abd0c8956a48b8ede43bba18162458d640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_AB52DA1DA93ECD4D37595A195AF2666C

MD5 c59e05adfcd3fb249fb1e1c1415844c7
SHA1 94cbff7df6e98bf2da594a5f8ce9f967150eb2e9
SHA256 b617dd919811acedbeeb069ddc45c6c2cf823de5e6ba7f6d574c21600cbdccaa
SHA512 a6d55ac1c9e7926c50faa79139305f54dcdfbc33b4c5838efcc493567668032eb9b2d651b1f4d7baef40ae1748d39a8e4f7275d01402c0fe1a70ee77c4719e02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 7858d5bb7a9d3102b638fdf0b913e632
SHA1 72982af3fbd7b1678fcb13f9f8e67620804a2c39
SHA256 07a9478f1244172ca7fa82a6947eb0bf0159c1da311090c803c4d8fa7b66eb5b
SHA512 21dcb2a3abb92e5cb85db1ae4ddf948b34ce120a8ee3e24e278bad798e8e92e5ba20e0b76e4b549a29f504e7825af56832e5f34d5e12660053b2c72cc3bb0c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 98548d91d22232ae401ffc32a82dea43
SHA1 db81a792915bab5629063c47346945e68a98e811
SHA256 bcfed5c04aff461aba5a3eec3290d95ef00fc864424eed86f28eecdeb721f74b
SHA512 393b5b3b07591a87afc92babe5f08015bc28ceacd5d1c50f253f6873394e00dfd6fb20f20049a697cc59871854874ff8a67b2a9173e42b9490e160846ebfc2dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 9d76228daed006a32c39144291410c7e
SHA1 c8b0972e4c7a3a52d38b6399a32b0ad2ccb6b9f6
SHA256 bd93d7ea8d720c40fcd448f509074690fa16b5c5407522e2a85020ac2dc13244
SHA512 7ddf6f464d6c623e3c27b76b383c51478bc6368a9580821e1baab224f643df8b4921c1d4183c1a7832ce50ef2bdce0af4bd549f6f79c20fbd0ca9ec997ed8bde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 bd5d52c676eb014323d3217eb757bc1f
SHA1 1e640dca3b3350d4fcb33d90ca0199e430ea6b78
SHA256 aa63bdeb6cd36833b6c25006d7ba06acdde0aee2cfb854f9b6067ee09285a93c
SHA512 1ae92f5319724153251a6f74367c7a0c2cbdafe0b54189bb2f4c22d663e0fc495634f8670f8f4241d33318484fc6d362e045956b3ae440953e7a62b3c9c151df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 74ed9cdb7e9fc878787b4ca8d98a4ae1
SHA1 16f5bb8d595ef7db9e9ac1ae66f18f83d8d114d3
SHA256 767712e3b0c32c60a84e3040d395e7cf4d4bd66fc531e09e5701d5e3b470cf47
SHA512 4f741b3f75be5c15a6686f1111955d3d23e23bd7b17483f6f178a577706439b1fa810d19ffb0be4f91934787443040df94849a7f672509a3a7ac31fad436fa45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 3660ac93ec2b87ebbd7f62466228304a
SHA1 c6591c7f025429a1dd66d20ce8efcf57d0b580e2
SHA256 5e451640f88f1c4cba0caf079a3ce8e21f0fbea86ff1e8e0a22d13a5ce2fb9d7
SHA512 6b654dad60ce0ed5d167a52d935bc3e37d349e97e991218d60763accefed73718958a37559a9f03b0983ea50963d783f0ff677b48d35ab683fb2b54ade53a380

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 0a144485e547adfd164f8c825277c54c
SHA1 0af4944c1a8b52802ec932d2722d5f4c8ce1a0c6
SHA256 9b471881fb6a165f9bcb5f03b830994eaae3962f6e03b1784067937061497046
SHA512 63461e7e8edd3ea83a04e3d708ca8da2dc113bb88875303603b9245d88f2f3cbcfeb76f1ab86933b5f02db98e25e9a6e55375f3c4093b9c9ce0482705cb5b051

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 003c639ccebca141cd4b357ac19a6e3f
SHA1 be31b0e0e47d648a08c1a5c8c0ea81b476d23dd1
SHA256 61246453950668a94d4259fdf65d765326f62ac17b8911c3fb2dc83bfeff8b67
SHA512 9f70ca92326556fc728fc1d1fbee88a967278feaf99c4d361b1861e4cc366a6acf70adaefb8cf5751472571707481fe6bbabe31a67e70ef1b1eb753518dd2073

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\184\{3a6f07d3-b37c-4c06-b357-3ad9486a02b8}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\2663205483yCt7-%iCt7-%r4e4sbp8o.sqlite

MD5 e4ea0d5c3abb98fc261349f43475c9d2
SHA1 62e0deaa8d18ccb12db74b5e1084c2b82dfaa953
SHA256 9aa94a9626edbd13e3d199625f737937abb71145badc3bc7cedcba34f02813e7
SHA512 a0c0ad42d00fe4fa0a54901cfdc31b51a2931c7a538be17a71e51da864786a633d105dbd911238aa7a53090967b96e711ebd8d2f3f24648d83de8717718952eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76a5f0.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 10dbef41c0ad25a4cd7bde85ddc58780
SHA1 813d0ffd286e2501c88dff9f1d7fa9c1c398efd6
SHA256 f78956752490c77e6537807214f246f4c1e1b1609348c15ce94aa4415b3c8907
SHA512 c896676e11831ca542db1744f8b77918cc0f0d1c3aa880db91804231074ec9f1eec771698bf1f9b86f339064e7d1736429b1c9b921c67969acb0b454f4ff26c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{882f2a47-8e8a-4772-8133-c1c346a1ff12}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\109\{b578c9c1-6f21-4777-94ef-068fad41186d}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{c56ef3a4-15dd-428c-b1c0-c4afab1f71e6}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\62\{b694865c-57b1-4845-8847-59dc1708a73e}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 50c0b261dd0fb7b5dacaea5e99edf846
SHA1 05a96fd70013df7a8bb678c1534f82b19514480e
SHA256 9ba02918caf50b4079e5851088bccc5960bbdc7a6881e5bb4d2a0d8431b8080f
SHA512 873110ae7561d6c7ad37bc85430de9052ea8d90780f41e783ce627ba997f1dd11ce00d0ed846e0e484de80b92f0aabcb6e106238be8ab20ccf1daed0e1d210c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fe0c0e7c635f437677b1dff91d2dab8
SHA1 719823a59a4f68d9f138a49702edaba0b3ce1bab
SHA256 11046eea31c444ba950b81001cca15febe1f4e07651bca8ba0f6d5f4c2c80131
SHA512 a46b228cf38889d31ddb623c4c900d989ddbaa0861f44de0115c38f8d54924d85812f7f66e52a6719398eef3ae3e2e13b9b9a86e0459eba0f4f9a242a0d56fb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 43c50e69d0e513674315015c37f4f44b
SHA1 94fd82d88a60f48eb9cd863adde149fce90a98b0
SHA256 1c16f713efb789f2dfcc50520167c0423fa254700759ba8fc7713f6d74281b83
SHA512 9938ec6a24588703415c09cf3701ecd128257946d7c9ddc7fb19de78db972158bd4258c85d7f7613c343107ed46960dcbaa49f2443a471717a633041f749ca5d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\680d76f0-97c0-4eda-a749-dfa27d7363f3.tmp

MD5 224592b84e8069ea4d32479c58e573c6
SHA1 933220f915b72e270f5984330bcf1c803e2bd885
SHA256 a14cbc552add90dc6ddb26ebffd65b841172da0d20af2c7fcc539a0d9f57e110
SHA512 0ad68f0c5760a1a60292203c0a17964956311b5349e155328e7175d10451345cf0ce29e480f0fcb69fce13f9a2e4c416fed6b0401e6a625af2da23fde65b83aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 0007616c0fa5d3981ffc4141a988bf4a
SHA1 6cd46a6b04b96cb7698477456ccb6445f6a162f8
SHA256 bc8e493f0d74dc0a915d5173a683ff3874645b7a6aa479662d838aaf1c0fb678
SHA512 f27b2cce808b48957140617d58eed1949b5119bfc901a962daccbd924c7b860c9e2d94a20530cb7c8b87b607a70b1303e4076ade3725173918fcba0f0341ea18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e9a3333978397e7955b1185f62ee94a
SHA1 365ceae468fa86d9ff8b88c76e2a3c13e5675e07
SHA256 e4cc6173901b28703c02850e5858c2d42b83be0b1e03a8eba6616cb4607f86b6
SHA512 6f862bc912cc6f0fa26586c5a865acba79a71536aa7d060a3da8a80207f3e8e46bc62ef0250bfdd51190190c3c87811282c5d48d2c8510417b21ff1a4c7a3d66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9d77e857688b85e7348dc38cd13006bb
SHA1 006ef66edba1508a9344f316ca026ec977b4b32a
SHA256 a6030bc693ea691ae16f3673c90436ed2b86e71efa6c35e55006765cd746bb21
SHA512 5159975a30803e1f3f0536d323fff12d8b39bfb9d3dd38b9801ffeb0814525a889a8373d584a984455a6009e06cce98422839cc750cdea73b575156a38471b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95fb0d01950858405f0118fb46daeca9
SHA1 0fc454691fde6211b50acc22f76c5eb436aca6c6
SHA256 4e8ea3b073c54b4df04d7f790992769ec87691c3e4eb5860702a72511639a19c
SHA512 724660654c13e28bf937a7071b58e37bd4a344da5e96647abc12d1cc291978cba27bf002dbd13999fd7779a35760079af2db0163cc80d18392d8690e63890ffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d2a6d8043882dd55f65c79f6d5ed98a
SHA1 ee0e9bcaa0b0f530a6c690dddd60899f33a942d7
SHA256 b26bead61a97b70c62d8dac94ba1756f4447aa2898153594cdd5fa62aee74c5b
SHA512 62240322ad48bf6e9bf34bd0fd6a39d656ca65ed85f080f8f94944b366ec9a1c76803421004949c0b684cc5d35771172ae66151849218c32d4667caec6a83a81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94224737c13831cf0932a928be6de545
SHA1 b53b3c3909deb3388e1187a5de38e833dafb685f
SHA256 e5701405f790994260de6850ab3d51c47b4f1575915b43584320ecf0252321e3
SHA512 fa5200d105f4f378d8e734f0de15fac067810d347b7777da718e0e080811d90420d9831f607e1233afe398f4d1e76f6dfd666fd9ad958947913d03d99bc61d73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82bb2915c0c20b069b75f209ed52db59
SHA1 50169e2dfea495101112fba49272fde769e1355b
SHA256 e2dc583d304153623daacb86c66b0de60c5abf7fd3acc6dec4ff89ffeca31474
SHA512 24b32230ec50349eb1e45d5c61f9be273ace5ed737add07f04b4d3a2e61b5dedd04c2953c5cadebb2db8623a45d03496591ca6856b56635d0820c003fdd8b75c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36ac8accf1bf8291b813c3e9f9040492
SHA1 62462673cbb9d997b4c5446d107d0c4e96dc8022
SHA256 14ac26a3ea1e5a0cd104bec23ff83b3cae33a25ee6d1af8257cb6b1865e976fa
SHA512 d4800848216e11b447595e9a97124464ed457f8e9a260f9f04323e8cd4546bd580a81b0202146007fe2d7cc9efca5c6550077d41d5a4696a9a550e5a5d9ff187

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd06d47c4fa3e99ecc41a3be47d4b69c
SHA1 4bb429ac85957ef0b211d8e023077148f8fbb648
SHA256 9cfa6ece00e62cd643ff39be2b5f3f287a74a4594cadedc7e4f7356e0bd8e23c
SHA512 496d38ced164cc995bb72d872885711930376045989b39878d2a62e136b0b9366ba5e5e606517164aee63a9ef1da5db41aead03e5d4deb8791127e001fe6e9e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 24d2746b866b957ca695429df44abb2b
SHA1 28a04298f7db76f2d898b64d02ca98c002999335
SHA256 7512af13f84023e3dd2ffaf671a73e05ff07ee79bcb1aa044a06f529f93f2f6b
SHA512 f88179f87d1335900cb5e50fc3fd1fec458dea01d210eca0efe676faab5f38d7c2d139a8cff76f4531d0f39e81749be00b70fcd6ec2cd60060e7e01524467017

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59a17bfa526cff22ad7231fa2e342f75
SHA1 814cddad42ce506bf25a937b21b5fb1e9114de5b
SHA256 78731ecab619753bb21f55131d4c0230c35d4fa1a6ed1f63e3623d69606690bc
SHA512 b6e1f0e5aae7767da57f3ce118c94d1a03b18429206d8433307f171d3af439711fc6d7938b8fb9e5db140c62bda3b295b37ab6209267fbcb0a78262813e0e6bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f37a335d2374c414660ec2a0f31951a
SHA1 697aee8d1f26d6df3725055d328da28ed8301411
SHA256 c556137d5ba7070ec85c3d54448c7119b848312ef7689a49ac03cb20a33b25f7
SHA512 497889d770ceaa13a37d27c0e0ef4e96767b00b2bfaf6a84350fbade22a6b1f8ce7c07c170b686e1b1e082296ff2ca52a520d9bcfcf1cdbddeb2b681702db125

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7831c618735ea98c20ce6f00cbae0b7f
SHA1 8df6a9f98b91d44aeee348afeb35a001710eea95
SHA256 2093a11c4eaf5072f00859ea95f822ad8d10e221482b276184ed5f2f7aa75e35
SHA512 18dfb52e77ad714f01911bb94d42ececc31c11f9718a1296b8e3d5908409da9ba1b90f74b6760ffe564abd6476bb0aae976d981131ece2bb6caeb4aabb4f28cd

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 1aa127a62fc27cedfe67e2ff597388b7
SHA1 eb1831553ae497bc8f9d41aad7787b9b9d7c9d0d
SHA256 cebe8ab3bce0d46e11f6afde911fc37dd28a685fb8f1df15d1aadd0e7e95f191
SHA512 93cd81de7aeee718a3b9c9d1b972214fc6a96752a1dcaed10a609888d4aed5f0be911122dc01e61fe8fd0c0ecd687c5e588502f2c5c970ff04600628c97b5937

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 08e4867c24635157560ff5ded6c21353
SHA1 86a4a325e848b770d3e7632d04c7e3d280844896
SHA256 fbb8330cccdeff90b15481f10b14b50ee4eeade1ea2adb658d1d986085703318
SHA512 bfe9a3e8ee2bd65fab28a56afebe71a6a4d9b5619d9db269db9c3d9592a791e7efb2be30e1f182213f71faac4654fffb19927028011710c95d59f9edcc925df3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 005df7efaf21496704fa0514bc8c47a1
SHA1 a43d5a04bf61e5c399d06f6ba44af4c6d0b06b38
SHA256 09cc7a84552f2323dd83c0c7e166007a96dca517b858f9e23d2f19be5743cd21
SHA512 26aa10b9b395622933e05304dec7c521d9a9f82f25e82734d23b231497787f03a58f2091c39c6bc87250c94bc74907716749dd7ee9fc635e869d355ac571d3ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 402005477cded584211f8074cc278a3f
SHA1 2ff28e4f1544de70ee00944c8fd976aff333f863
SHA256 8efe0573da81ddd595bd671d4c283d1ad8f98505bcb8e731cdb2c5c11fef4ff6
SHA512 1196a44dc5b6ab17a2fd4046b982d066f6dc673355a029b9121e0af137ad7bcaf0cbd27492aa6daf089017efd54ad40c4efd7f9269b0e66621d22e75d6fc809c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0f3a64faebe2cc93100d22449f98226b
SHA1 9f6f07c591f7ac2b8c4d3749e09cec8cf1c3d3aa
SHA256 cd9cc4ff1c440f7301d5e840c5419d7fc198ced25d2d1513d6627075f5679f0f
SHA512 963ee80ddfa193687e6088efe18a55144eb1a1a40afcf6d428403b30076dc22b99802bb343ff2ecf595b59c4e1e7d34dea3a5b9c1316432900927345ac6b0774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7010778520d032a99bff41a9eab6e6e4
SHA1 b650238d52ec2222d55b38fc8dd72d48953ffb26
SHA256 bbeaaec7e3a98624c683c5538b3c9e9dd4eacd65e7c2d182db2be9757a8b5144
SHA512 7197b969049730380e77bf15e3f66dd9557e8bc08a7118be70b1e178faa87f2c5c293b114067bfb0e9d433a18c77037f6595c0150efc02f047dbbd790ec76817

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a4643648d9220f6bf574dcaf8fc9dea5
SHA1 d938807c9f21194a0e794bb8f7419f1e731c30c2
SHA256 b5d82de724b1459bcf472186fdc271f7cede37ea472588e167e02a9e3a587bd2
SHA512 1790305a0fab42581578afd140223179c8e92d82fccc9ca770509a5eabe181fece91d35f5823d8c5e2b2694cb2e3d6d8d6f39b0f55faf453271472d564605720

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0d85879dedf86b7568f65ceea0c0e5e
SHA1 5b9b54ed4deb43d0420b7362a3e277f1f0149d91
SHA256 5361eae1b612bbf9601a78dcde67b07612d43dcac46529e4292e27a97a81af73
SHA512 1ff5465010c6ca92a033225902d5b3957c80b01c0b109a5a98c4e4a2a7a0ed170824e6498a5519da0b8263ff586f5530adcc8c8c620ef6aee837b1e00a196807

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c87e449b90021c58e950f575382d0116
SHA1 747ca51d21665d319af301300c3360e606719396
SHA256 f67942c7b79e03e9ba3d654a71f12220cf5b7f85f83ab22b6b2a0cc15b914c81
SHA512 61c267a222cedca7e0a781668061e7058149b2448dcb034ec4015101b0a61a77463400f3e6f23bbdcce7e6661e7c6a6fad5fccd5a25ba7c16405b5db70fda53c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7790925aaf7abc5e9fc0a65a1bc59614
SHA1 d1dd4bb651c11e658a3e84b5eba7dabfbdfd6760
SHA256 95fb42a40e61504a9a7a01b84b7643a88d71ce0a7e7eb44c7a698fdc4c01c84e
SHA512 1629d6d6bd0778322685671c349c3f9faa9406afd2e3572ae8abf14e51f19b5094274e4cc2ed817bbe81263f15c65fd29af311da36050051509d10619b85dba1

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-16 04:47

Reported

2024-02-16 04:52

Platform

win10-20240214-en

Max time kernel

299s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2694788800-2737334826-1937309534-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133525326805068751" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2996 wrote to memory of 4920 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2996 wrote to memory of 3508 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2996 wrote to memory of 3720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2996 wrote to memory of 5868 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1340 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1340 wrote to memory of 5156 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 988 wrote to memory of 5196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5156 wrote to memory of 5204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1340 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1340 wrote to memory of 5296 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5240 wrote to memory of 5320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1340 wrote to memory of 5308 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5296 wrote to memory of 5144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1340 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1412 wrote to memory of 596 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe

"C:\Users\Admin\AppData\Local\Temp\3476c4af383a7344a64f0a9902ef19d77ac5068e4973aedc42dbdf5ad9b15d1f.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8c4099758,0x7ff8c4099768,0x7ff8c4099778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff8c4099758,0x7ff8c4099768,0x7ff8c4099778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c4099758,0x7ff8c4099768,0x7ff8c4099778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.0.2059298496\795262078" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {077b9daa-3414-4901-93de-a1c188e95805} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 1816 2aabbed6758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.1.1161243441\546678358" -parentBuildID 20221007134813 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d672f37e-5fcc-40a5-a7f4-a807938981ca} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 2244 2aaa98d9658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.2.761380380\574167177" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2740 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {308794e5-2f09-4191-953a-e14e60437e94} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 2756 2aabfecd158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2376 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2368 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1760,i,5671049574360551721,5903270116159943934,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.3.271972073\616529917" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88bc547b-f28a-49a2-a803-e607c9bb3f49} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 3512 2aaa9861958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1760,i,5671049574360551721,5903270116159943934,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1772,i,16504190674959711658,16248587025172526023,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1772,i,16504190674959711658,16248587025172526023,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2568 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4784 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4632 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2968 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.4.1457062599\656417859" -childID 3 -isForBrowser -prefsHandle 4624 -prefMapHandle 3348 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {832987de-56aa-4b23-9267-1d1608641e35} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 4640 2aac24e8058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.5.922010005\187643079" -childID 4 -isForBrowser -prefsHandle 4756 -prefMapHandle 4760 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0463b3-f579-4615-b27b-ff13806ed688} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 4640 2aac2744658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.6.492311696\392115089" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5044 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d99a80de-3bab-42b0-992f-3db18ca2ebb1} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 5080 2aac2fdb858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.7.1008193628\288230460" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {437cf536-2408-4c78-ac4f-b8ca2692be9b} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 5244 2aac2fd9a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.8.1647657578\1192782708" -childID 7 -isForBrowser -prefsHandle 5532 -prefMapHandle 5528 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dcf695a-70a4-485f-9b86-93ad9f91897b} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 5540 2aac2fd9d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.9.1405706233\1892572974" -parentBuildID 20221007134813 -prefsHandle 5812 -prefMapHandle 5808 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40371be2-b179-4bbd-a61a-5890e7ea9eb2} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 5704 2aaa9870d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.10.569093677\726578500" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96b2face-c51e-4523-828f-e0289634a9da} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 5500 2aabfe5d858 utility

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5308.11.1858275096\1784758097" -childID 8 -isForBrowser -prefsHandle 6260 -prefMapHandle 6252 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33c81063-296e-4f38-b490-76337b2738f3} 5308 "\\.\pipe\gecko-crash-server-pipe.5308" 6268 2aac1d4d858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=2580,i,2015678571211872103,14136294838697811322,131072 /prefetch:8

Network


Files

memory/4676-0-0x000001B49FF20000-0x000001B49FF30000-memory.dmp

memory/4676-16-0x000001B4A0300000-0x000001B4A0310000-memory.dmp

memory/4676-35-0x000001B4A0120000-0x000001B4A0122000-memory.dmp

memory/4640-93-0x000001FD68000000-0x000001FD68020000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1c30062af9a10af1b99f3ad8194b4fc0
SHA1 473f8b7199f4b97f274c731b3f398b977dbe40df
SHA256 75d25466893e281c8ff7fc1c11f7307d5d4075714e3a7d6ed7d9346c8d792a9a
SHA512 4f8a7091bfbabf10a2c7aa0ada67c3ac684101bc478f14f2c82707b682f39afcbfd54f7214f819a1a6df775322ec4c9469b3547b352c157f7040cc97a9a9d6d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0451878bb125b21970f6648826e368dd
SHA1 56c73d173e93f585cc13593ae33cecb0f7524e36
SHA256 bc192405d01467d5d5be8ffbc01496411964232a412765100fc2c1c654379e34
SHA512 52dcd4b11b4fdad46f8f3449d48ea43c7fd217db871cadd0818a951eb10bd80dba62304457541d31c17c1332868a879a50f945558ba2f3bd331188f2180946bb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8e48667af9502e752f1030215c4dba30
SHA1 1dd448c89403d8f751893b0b3c97002a62ada18f
SHA256 c70f7697bf1593473de242d5edf684fa7b1d91c0aea11fe5c215d127231f636e
SHA512 79e8e21ddf743964d75e2ebc4c8ec15ae9c6b996efa7f7e32d0757a5d471000cfd3fe4ae36b42ca2dffdfbc2012e5e61f0f2eea9009abdd28e7b224ad60bf1cf

memory/4640-115-0x000001FD67880000-0x000001FD678A0000-memory.dmp

memory/4920-165-0x0000025EECAE0000-0x0000025EECAE2000-memory.dmp

memory/4920-170-0x0000025EECCC0000-0x0000025EECCC2000-memory.dmp

memory/4920-172-0x0000025EECD80000-0x0000025EECD82000-memory.dmp

memory/4920-176-0x0000025EECA40000-0x0000025EECA60000-memory.dmp

memory/4920-188-0x0000025EEDB30000-0x0000025EEDB32000-memory.dmp

memory/4920-209-0x0000025EEDB50000-0x0000025EEDB52000-memory.dmp

memory/4920-216-0x0000025EEDB60000-0x0000025EEDB62000-memory.dmp

memory/3508-224-0x000001C5C6670000-0x000001C5C6690000-memory.dmp

memory/4920-227-0x0000025EEDB80000-0x0000025EEDB82000-memory.dmp

memory/4920-235-0x0000025EEDBA0000-0x0000025EEDBA2000-memory.dmp

memory/4920-239-0x0000025EEDBE0000-0x0000025EEDBE2000-memory.dmp

memory/4920-310-0x0000025EEE900000-0x0000025EEEA00000-memory.dmp

memory/3720-321-0x00000134961E0000-0x00000134962E0000-memory.dmp

memory/3508-311-0x000001C6C7880000-0x000001C6C7882000-memory.dmp

memory/3720-326-0x0000013495860000-0x0000013495880000-memory.dmp

memory/4920-307-0x0000025EEF860000-0x0000025EEF960000-memory.dmp

memory/3508-352-0x000001C6C78F0000-0x000001C6C78F2000-memory.dmp

memory/4920-346-0x0000025EF2260000-0x0000025EF2280000-memory.dmp

memory/4920-353-0x0000025EF2AE0000-0x0000025EF2B00000-memory.dmp

memory/4920-360-0x0000025EF2AE0000-0x0000025EF2B00000-memory.dmp

memory/3508-363-0x000001C5C6860000-0x000001C5C6862000-memory.dmp

memory/3508-374-0x000001C6C7B00000-0x000001C6C7B02000-memory.dmp

memory/3720-373-0x0000013495880000-0x00000134958A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C60R9YHD\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/4920-402-0x0000025EF0900000-0x0000025EF0A00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9310d15fe3530482aaa41bb043c0c26c
SHA1 242cb6873c7a9df47a6c7e7226aa468687e26237
SHA256 18f69cf02450fcdcc0d56065a786dd1e67f374485755a47e476ccf5c1d04f250
SHA512 a6457edc971e724da57857194137dd3f24c5b716c82b8273c15ccc89cc25fd68d5d3f37d66d574a11461763003847bcb3dc8cfe9d92ba877b104b844df6acb59

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7723ef2a6d8abdc050acb96ab9ddabf8
SHA1 3034ddb94818df419bc1b7c5768806f29a285e2e
SHA256 3c2d8bc72ce235540217d1e44d4971ff2e62996b99c687da532244dd412ac447
SHA512 814fc7cd5f12509947df78a35b7d772b039cf07a8f9bc89edc1568ac8d2471846f25378dc1c606167ba5659aaec6c1d7cb176c23eb7c12e4c0b1fb3c065b4586

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 bd5d52c676eb014323d3217eb757bc1f
SHA1 1e640dca3b3350d4fcb33d90ca0199e430ea6b78
SHA256 aa63bdeb6cd36833b6c25006d7ba06acdde0aee2cfb854f9b6067ee09285a93c
SHA512 1ae92f5319724153251a6f74367c7a0c2cbdafe0b54189bb2f4c22d663e0fc495634f8670f8f4241d33318484fc6d362e045956b3ae440953e7a62b3c9c151df

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 534758f14dec0e43d07291b899fb501a
SHA1 647466eaf2ccb47c7657fc540d7d29a5132bd817
SHA256 a6f963dc62c966813dbaea9325fb63f88b0a9d8e5d7e68061ece72625225872c
SHA512 9957363c78e604c86da3f22cb107ccc21251a4f8210c54f9a1a5296d2fe4b6d89fd922fda083bc5f0269908e054bf014d1ceecb0eb26dfaca9b72c871a021680

memory/4676-549-0x000001B4A6AA0000-0x000001B4A6AA1000-memory.dmp

memory/4676-548-0x000001B4A6A90000-0x000001B4A6A91000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CPFKZVI4\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/4920-646-0x0000025EF3630000-0x0000025EF3730000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YRKSFC3W\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\85jvbrw\imagestore.dat

MD5 b6aef0913fe1f112a0146a9c0d4442d3
SHA1 d68aa0064e1ebed9688af963b30fd0b5096417d2
SHA256 701fab8df98f87871e5372cfa22c24338ca58c68f52dfcf9245e4932a582397e
SHA512 8a4e6ddb528487d6219265aebac4e26909b62d5194177faefa3831a0e97a8c037094c2077a0ffc15de0d753d7c6a26d1e5a2eefc7f0eed11253410ac25614576

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d0cd4fe90c9d4ac909a74381a53ce067
SHA1 dda7494080ee20a69274ae7f7b06c73026e606cc
SHA256 c412ea0d00a8ec4cd1ef2be9e1b480e4b6baba3acc8065ca390ccd1edb29f33a
SHA512 c61f06d84219b2918f72dc000ed0a2b68adae5dd989f4f27370a463eadd65c508843028f927e4f06a5a0da46ae26bab3fba1ae212ca42e3bcdee6991745aab94

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7ae75d182f94617fa9c8abadaf04619f
SHA1 d39f1475b57304d7bf2958e3da95f6a1e25d0e9c
SHA256 e31d97a30ae1a9c06f6f70654189fc4c8bc0e446ce010174085b0ed07c44460a
SHA512 16a2584579506af7a734462ae20ab4382a5b40d03841718bc3865ff5eca77800fe5106522186758d5c073c0975fe4c40857189f15470420a4d3c796da8a4975f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RK2RC6MA\favicon[2].ico

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MCSO2I5X\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\rs=AGKMywHEIYQh7sWB8iqy7VDdPxD7GEphMQ[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MCSO2I5X\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZF1RS3S8\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8QZ0Q62V\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8QZ0Q62V\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MCSO2I5X\scheduler[1].js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_5156_WKXSJVWHBRFVWKBA

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\73b74b0e-62e9-4c8e-9b97-fecdfe4d94de.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\pending_pings\c0d2a20d-7a28-4b0d-889e-6cf05ed9c9a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\datareporting\glean\pending_pings\a9ba1bb0-de42-4473-893d-af0e69d4745b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5156_736628691\Icons Monochrome\16.png

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ff5f.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\36O6T7NK\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zsiigt9.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{91647ea1-3580-4091-8a47-7476b382a459}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++www.youtube.com\idb\2869388955yCt7-%iCt7-%rce9s1p0o.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{b2a0ac58-3050-4f44-84d8-4d9a0625c759}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\default\https+++www.youtube.com\cache\morgue\242\{a47b9986-acf4-4287-b0f9-d16106c399f2}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584e69.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YSHKWJGT\suggestions[1].en-US

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zsiigt9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
