Malware Analysis Report

2024-11-16 15:49

Sample ID 240216-ffn9aaae47
Target 64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030
SHA256 64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030

Threat Level: Known bad

The file 64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-16 04:49

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-16 04:49

Reported

2024-02-16 04:54

Platform

win7-20231215-en

Max time kernel

57s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000004b2eb1a3542c12d788ff9bf3a7288c520b6982c76d3aa9ea20a93d4e538057d3000000000e800000000200002000000005c2a44ddd0703a4f21a40b8126ebab57a56a9f2714114a5bc9c9ea3b8d307fb20000000f4850ef7b5a85d08c44202e89f56e2463eb10ad65b5eff9a1b0cc8d92dde27de400000001bcb3970fe1b8c4c795080be808927d23b463a64c35412a1948fca00ebdb3cb01884d3fa6bb632063d7eb14a0c8fd232d04bc88239e1b33d31ad61aa194f5a44 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B84AE4C1-CC86-11EE-AC02-E6629DF8543F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8439991-CC86-11EE-AC02-E6629DF8543F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B845FAF1-CC86-11EE-AC02-E6629DF8543F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000009a20ca13e3730406b16a6c75b0a054975fba2685ec02e6694d02a3775379d065000000000e800000000200002000000081e07000b3378ba127f432d45ead933a4d2f1c10322070f9e13400ae23384eba90000000957aed18c1d146e0e75196ca706d5f33b8d7414ba53beb0a391c9e4eaf5a4fa7f9a93d3abf7bc9d452daa1d1a5d9e670ed6155bfeeaf0ec26eeaee36fe36a282f766d5c8c272d8ed79aa88d3e1e6f6e8501e611d27404c846e9df27bbe2e43210edf931cfc10457b9861201b908a6469a29d6835b3fd3e552dc08ed6b74724c1642def565eb4ec826cf967461cacd7d0400000001f23a8aeaff339ca6069a3aef44030eb6a72bfadc446245b4586fa00ba7e8b74992c2123ac1c956a46c5de9d9073defdd3e6b32aa3a3a3d96ebd9d97ed5adf2c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2420 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2420 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2420 wrote to memory of 2684 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2668 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1640 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1640 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1640 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1640 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2852 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2852 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2852 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1544 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1544 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1544 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1968 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1968 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1968 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2924 wrote to memory of 700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe

"C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6959758,0x7fef6959768,0x7fef6959778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6959758,0x7fef6959768,0x7fef6959778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6959758,0x7fef6959768,0x7fef6959778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.0.1531903622\254161222" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1108 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a4cd26e-dfd1-4bc4-ad7e-a0780887be70} 700 "\\.\pipe\gecko-crash-server-pipe.700" 1324 171c7758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.1.1645296085\1978549021" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1524 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6023b3b4-2ff9-4bad-9979-285bb1b1ad5c} 700 "\\.\pipe\gecko-crash-server-pipe.700" 1552 d71258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.2.275879674\1538563234" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29fd0550-089b-483f-a607-caccf101195e} 700 "\\.\pipe\gecko-crash-server-pipe.700" 2108 2056c858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1328,i,12915444965885600833,8053006750589136397,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1296,i,17672238838156758376,10220891222592134065,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1296,i,17672238838156758376,10220891222592134065,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1328,i,12915444965885600833,8053006750589136397,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.3.127993570\1092602485" -childID 2 -isForBrowser -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcc95a85-c476-4270-bc23-3f474dc4185f} 700 "\\.\pipe\gecko-crash-server-pipe.700" 2724 d5a258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2556 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2096 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2956 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.4.757729191\1108863554" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3468 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba688fa4-e041-47e1-9cb0-a68aee3a8227} 700 "\\.\pipe\gecko-crash-server-pipe.700" 1124 2563db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.5.360763423\626115524" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b1aff5-d67b-443c-9014-257cecc651c6} 700 "\\.\pipe\gecko-crash-server-pipe.700" 3452 d5db58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3296 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1360 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.6.902307402\959498154" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f900901a-8d10-485e-bd22-dd00ab41c9f0} 700 "\\.\pipe\gecko-crash-server-pipe.700" 4040 26b58b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.7.2105964782\1498830569" -childID 6 -isForBrowser -prefsHandle 4164 -prefMapHandle 4168 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7febd75-2e16-4060-8af2-ae225d5db16c} 700 "\\.\pipe\gecko-crash-server-pipe.700" 4152 26cd7458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.8.1330617106\1302945157" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44bbef18-90fc-4deb-848e-71700978ff40} 700 "\\.\pipe\gecko-crash-server-pipe.700" 4312 26b75f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4032 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.9.213214504\447117336" -parentBuildID 20221007134813 -prefsHandle 2716 -prefMapHandle 3288 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fe84fd4-3604-4d56-94ab-2bc61bfe2db5} 700 "\\.\pipe\gecko-crash-server-pipe.700" 1880 253c7458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.10.2017647822\1449847739" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95fc9202-718e-4ec3-8294-e7fdbe50f5f6} 700 "\\.\pipe\gecko-crash-server-pipe.700" 4660 253c8f58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="700.11.2102217141\1207029496" -childID 8 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83df0e6c-0bb4-45c1-8ece-792febdfa3a3} 700 "\\.\pipe\gecko-crash-server-pipe.700" 3564 26862b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1320,i,9394654623543963853,8731238293362036697,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:50123 tcp
GB 216.58.201.110:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 216.58.201.110:443 www.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
N/A 127.0.0.1:50137 tcp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr5---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-q4fl6n6d.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-q4fl6n6d.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-q4fl6n6d.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 rr5---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.202:443 rr5---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp

Files

memory/1968-0-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B84ABDB1-CC86-11EE-AC02-E6629DF8543F}.dat

MD5 d0c2095b03bed29d9fea1f59571ca903
SHA1 c39d0d3a8be130254b2685ea1c62ac01185abaf2
SHA256 56da96a8392a149f55a7d14260c2848b2823ec2bb88dfb2b9b6a3bdae1757f2b
SHA512 4dd91e2ddcdf4a6da40fd23a41ec5314843689e9d7560eca2944ab4f68d2a6a5d82243a7e88e1a16b57a34de79f4c343296771951f0d15aa3c816f943fae9c22

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B84AE4C1-CC86-11EE-AC02-E6629DF8543F}.dat

MD5 edcded9692507483a5887ee26786e79f
SHA1 261875d67a2f4f7e9c5eff6efb41b065a64858b8
SHA256 a1ab396f9fea5cb573a85ebf86f04cb9f052e2cd239db80ab4315ffc7ada7b71
SHA512 07ae36a3946b1658a9a5d255dda50110d68068defb8ab9b21da6dace7f5b934b21f0dd6e6d233a56fa20f2545a08bf76ed44374d496a5ea5ab1fd96bb70edfb6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B8439991-CC86-11EE-AC02-E6629DF8543F}.dat

MD5 ad5d1b37c5ea5526c1e0751312afc1e4
SHA1 83b21aa1f4423e8f0a1a0b035b8116436ed0a4b9
SHA256 fddbddcc64bf954bac065b2aa44205180152ef04ac8dff2f8b92714c3f7ea044
SHA512 26ac937a2a2a8baf858e57132f79a02f03690f134b8386dc164291b5708630656573a43beacaa2a2be7b10f9f602aa893dc51e52c73236b50eaf65544cda8eaf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B84AE4C1-CC86-11EE-AC02-E6629DF8543F}.dat

MD5 8466e60c23178b89393d6134fbf90fd5
SHA1 930450e35ffb1e2a598d1783f31d741eeed419f1
SHA256 595cf969eced0865dc94ac8096d2e1202a5796da62314b13be1de2f55c9f2ef6
SHA512 91b4cd9f7b12930a8f9b8a42c7c583935f7666901c5829709e2528ba62e8a91b941cd5fce5cca0e205a95847f94d7c595c08912a416ea9130c5ea291f1c7159b

C:\Users\Admin\AppData\Local\Temp\Tar66A0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab6680.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69816d0acee574002dbf2d35097ca7e7
SHA1 4a49e15a130292126bf38c90b1db8e4010138ad6
SHA256 cfba47552defabe852fdf25ce6f7a2de6dc37163e8180e6484dde7db04557a82
SHA512 d2f4805965c8f99d7062289bc7de10a5db17640b18312f244b20479112b8cc0f19a3ebddf80e00b03ee317186769ac49fae4faedeba2c4b6e9509c2d973e0d11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 431152c1eb30d6ce23768f31c71c7ced
SHA1 63b66be6713198c09a2f676b97b33388aac13eb0
SHA256 635df1ca34612ec94a844a9deaac196bd05e6b693eb241f7e2bfb81e51ca14ca
SHA512 db42967916434e4f02529a9d07d6e66c34f454430ea028755fd4800b3f57fbbf584e1792ef43d1c563c56741228021f051d9f8d2c57a21be841394b055e8fc68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 4bf303cc1bd43c2d1cef6b101c04091d
SHA1 366f5ecda18d907cb58fe234742bfffd94c1d8bf
SHA256 47f016d9ebb3683a5a74f64aded1a15deff74a633297805a9f23de13766035ff
SHA512 6d5f2103f9a7c4a696991cb22311a488d822dfacb567b164d10ab5d8952de5ad62b6d90aa5ad07b00a61d08863f651d7b9364befa6a183de396c7299bcdf4d14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0451878bb125b21970f6648826e368dd
SHA1 56c73d173e93f585cc13593ae33cecb0f7524e36
SHA256 bc192405d01467d5d5be8ffbc01496411964232a412765100fc2c1c654379e34
SHA512 52dcd4b11b4fdad46f8f3449d48ea43c7fd217db871cadd0818a951eb10bd80dba62304457541d31c17c1332868a879a50f945558ba2f3bd331188f2180946bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63fbf22834290e458f28faa540e6d91c
SHA1 3e7bec2f4976b5c3bf859d21888ac5a68d524af9
SHA256 a95a12d3ea68ce8a1b40d701b9011290afe485ba85c6f4fc107840fcb4d38006
SHA512 b69b5e34c83880b9ce649dce0f037c3d5fc411d6464fd696a39356d6cf2961691ecb0863fac9ab59e3c6eb884b1042f4f30d60daeb72620b4308787bca180cc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 3800da125099e00403e561ed90efcd22
SHA1 40e4fca1c09228750199f6c9530996e5098fa274
SHA256 73b6d05029767da2f592f7ff14caac36bdec63892670c117e5dd7fb5aa949acf
SHA512 d572b62b98c635e06b951f933ac304834f674346c5b85e3425ef114996f1d96056813b18d96aa4c3d34efb148628caca839cce4471babc9d5466b3a77f22ec90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d0cd4fe90c9d4ac909a74381a53ce067
SHA1 dda7494080ee20a69274ae7f7b06c73026e606cc
SHA256 c412ea0d00a8ec4cd1ef2be9e1b480e4b6baba3acc8065ca390ccd1edb29f33a
SHA512 c61f06d84219b2918f72dc000ed0a2b68adae5dd989f4f27370a463eadd65c508843028f927e4f06a5a0da46ae26bab3fba1ae212ca42e3bcdee6991745aab94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 a4cdc896cf1ea5aab1783ca8edd34a0f
SHA1 1269f8a13808f33e5bd4ffba0e544bcd8fd191b3
SHA256 dd3ce2b14ac115080ae50ee89e06cc428195ceb19095d1e030df80d1d3e33e9b
SHA512 73f92a2eb25ac099f480817c31f5531ccb43f9e55eb683e110586a8d9bfa1e57811f4da15ff58297ca7c4994bf10fe436c67efe5d1269ce5750e65d0527c5aba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1183e82f1eff07dc1f0118fb8ad7052
SHA1 ededcfb2dec02910c850f4df2e940aa75ac0d14b
SHA256 9d7d4081b2d8b64a8cd8a71da0ab6d0adf7602a186f9295ed1cdaf00af81254e
SHA512 82cf650168eca85a33c0ee1081b7d18386ea174af267cb44e959544bf8314877075904a3727e409aad54423d99ec36139b77689a326192704eb215158fd12b06

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 48a7932ed4303d1dddf06a68e935d279
SHA1 1367bf0e0a4809d47064e5bd60bc39ad217f9921
SHA256 122b8fa174b63c77241f2144e43cb122c469b75002b867610a0bc1429fb4f199
SHA512 f7802928e17b6949ada2e3234a1d415c182f525f3f644d7f0df3dedec98e7dbae99cefecb1d3f4ecfb10e51f0bfcb74ec1768c948ec3ba80db23aacfee7363f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[3].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 2f728c734877f241342057f3f5bf6cca
SHA1 cdd3e32f68c022ae60d29e9b2d5405c61a254ce3
SHA256 36203464967600109866d70f149ee7aae2e1881c98f71b8e912821c1bcebe2b7
SHA512 3d8302151e475148b5cfa4117ec3b8d3b8c13620ac9d6bc86feee279a8c81ab37d363d9e00f349d7aa48239edb4dbcdb86c55a85684bf38624cbe48fa5efcede

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9RPHK2ZL\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FW21RAVW.txt

MD5 0bcebfdbc59b1d8b3ae60ec9f7be78dd
SHA1 df1b5497597f2bad845b17be02c7c55c2eda43cb
SHA256 3e4a071c3023c4d7c26aabe40c8257a3856f7fdc5f1d1d19fecbcacbba8deff8
SHA512 263503fd62ffd03bd9b074a0ed0dafb7d8818ffc0b98196f5093d4a6fe1c46cbd554f34ed61c60eff1af3ba08836ea49baf54a1c8d84eeb0938d53889ac7c8f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9310d15fe3530482aaa41bb043c0c26c
SHA1 242cb6873c7a9df47a6c7e7226aa468687e26237
SHA256 18f69cf02450fcdcc0d56065a786dd1e67f374485755a47e476ccf5c1d04f250
SHA512 a6457edc971e724da57857194137dd3f24c5b716c82b8273c15ccc89cc25fd68d5d3f37d66d574a11461763003847bcb3dc8cfe9d92ba877b104b844df6acb59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 1cff71f7faa334fd9a37cc3ed6bf1770
SHA1 880b928021248e7cfd4373c042c08e93097a8e32
SHA256 4523ee7c00c115a33663e1448e1c23b8c9c1967633c9f2298aec5cae7a0e65b2
SHA512 d527a39990dffdcceed6943213d52bc026ae80d75e4c34f8bf033879f53eabcdb9ec63113aa80b1f7b56235734c081a774c8fac1242fa0e0edf4996b7d30097f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 16b3e11fca76e496d572be6332d098bb
SHA1 ad94edb8813d79fbbda5c7d385267667c6892e3d
SHA256 56684f21ebdae96d3f850042f2d7da3cb32e38cffb8ddb1e5c2d919f07ea22f7
SHA512 9a848e4399ea82bd260cdc22c379c37cba224cad23fd37be4d758996f3c4b561716400126c83ef18d4822fc614a9fa3e96831e1a61e12386a637e5920283c9b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25034e69ae3caa84f6d57426cc0efe4f
SHA1 a4902ffd4232861950493eade38b01711ba6cbb0
SHA256 e85e5d3b91e701ba5cf02d325cdc785f12b1e35e739e4dd25ba0f168efaabbb2
SHA512 3139b430bc15ba13126504d23832961015d95b06352271014c9bea099a9ce855671ee2f4eb3c590ed99b870deeebbe56bf5a800fa2ad0a43c85535a81e5c9eb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6f0cf27deb2ef16357e06922c7fdad2
SHA1 0da599320e1f63fed68e47716f5690ac608c52bd
SHA256 f6408ac48c690593f1b5ae7f7b869079b6ce2cd476a2b59fc3e2e4044754f53e
SHA512 edce00a479737c67e5181de6da37edff5a76b84cc0fa1ea41c97c23e199f14ffc36f8fe8468ace9cd7a13044ee2e6e7210795d713870e278b20c25d9fc937080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10a4cfc05b1ee05e3cfda346f7e220f1
SHA1 fe487ff94cc10a2cb3d927cb1b29660751d59926
SHA256 f136f9018e81609410807bf70ec75b05864996661f1d0aa874d89f9494ad96af
SHA512 aabca1899322e9893a67e34fabc94a26936cd6f307b8a7979d4131e78af869f0acd9a1461e6bd8f9601cf57aea1e208367ce7c03600d4ff1a58b75a1231bdf84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf5d84604686609bd2540bc4ed7a4962
SHA1 538f80d615447467297d72be2bab0c101f7abe9e
SHA256 4e00968a58b5cec53f83ee645c25169e39eaaec02ef999c423ac7efa0a2600c0
SHA512 e5f05a76cfe74ae07843c3ae9c0708e3aae6730168a40a03af4dea3f3745e1acb2b4cbd8161eb45f62517f3f46a61825399cf5c03c7c20cd03342ab5b4b2cb89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38718be8bc7bbc4169d6d69b270ebff2
SHA1 9eceda689b08a4d40bf83d53b87cd8b0a0e4141e
SHA256 62d203d469eda9608ee29db8cf8273a3f0c87521305f49857947db7506e12731
SHA512 0e5cd79d2690bf776bbf24d0de070fb8a93391a4fcf1de7ce1d7e29a950c8fbc7f979fe4be21a01ba3bd8ce9311c6cfee8902b2ac246da655ea529e77beb6eb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7da844805aa95f13cdbcb6ca432ea30
SHA1 20060b3751bbf656b3cd2755f25a2bfe77fa1ef5
SHA256 71c36576eb72a1fa299689e269c32c580138bf0b9ab5ef69bc41fcc014422ca9
SHA512 46de5b15fd9d8259b6ec67bc733abf7410b928f9b8db7fa1b5c3157aca80ad4e126a8a64adf5dde4d4a1a01988cf3af7649103ace4a721fef6995f981614dff0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82f6c71bca796053c942bfa504eb0cfc
SHA1 0bc611eb677122cd3e1208ea99674badc10bd946
SHA256 c887e8087cb7d986856f2bd003f9be9da608dafc08d96b1dba254305e1ce6dcc
SHA512 a8fef32693d6f91252b9e2c476a64dcb70f84bd2faf64d951205c5efeea13f7768035bc1e5a91ff0f72240aa54d70758bd56db4923d2e67dcccaca80038cc6f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae14a5d8b239cd056cfc3b5cbf28c016
SHA1 bdfbf4a3c410c8a8c17003d5b447a4702610e4b9
SHA256 f38f485a3b19c98f282fa838eb7f8ebfc5c2ab4779928868e818ff07bd1f4711
SHA512 a6858c12c557787dd3756960552d8d49c0167ecdc7ee1cdbafecc0434d15c4ec76f6b07500753c80bbb9cc89b33cefb12a4f14733bab076009ec959f01c80e44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb9159977d9a1cfdc31c5d88589da118
SHA1 9e0320495cf20fa9b718772b5145e7819a91a217
SHA256 568b1d78034b6d99744a09c0ea9c3c37224e5a4e3d75329f5a9543c03f859d69
SHA512 dd3044b0d7a1b8534aea5b0d15b3b929eef7c30a23df3f7e5a367302811a6171d9fa92706fe1770b3916ed3be7cb4566e2d9314d93a4e453a5e44260ddfab030

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ae65baa77bbd3b5f035717724c4b0af
SHA1 b5dc9d0cac94698acc149cba50c30e461af49966
SHA256 1c5266f735cbc0d45b19e1ed767b1512a0227025fbcd70f332409acee78c57e3
SHA512 11e31f2b5219d9ec3dc8c68baac0ff18bf77f23d27653afc3e55611f35ec1e5e2d842c891f43d11083147ae119c849936646c3b56acd3be7d3b87adbabc30bbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4324ee4e9b1240597ca95311755faf5
SHA1 e984c7b084fb4827f1488aff8dcab149af43be63
SHA256 88ac9515928bc64ef11310f6be2eaa0c02adeb6a6e9e65c04021d57cb67b3379
SHA512 c8df0994e57335e1d9303decf8067eefba1ca90f9c7c0e33244dbb4864866b9a64baa847c103da41b5c1e67e167d27480cedebf6362652494e9672dabf57801f

memory/1968-857-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ff684cd3d1d94c2fb6b46100f307d8
SHA1 132f5fb5a6dcae572dbd0ff97eb367dbbb9c87b5
SHA256 c872f03f360cd719310fd2303105d47b8ab815561280819e5fd03241e8029959
SHA512 419b717a78bfa29fc5f8d45515e1c50cbb2afb8702b5b152c9833c63b25f951a70eb0f2c7b32d6ea1ca747175753e853d62629ef51eddf91ea59072f6e8a0cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2852_VQKLLNAXWHYYECEE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a184a92e-2c7e-4e03-a7b0-aa3d3d0e1cb0.tmp

MD5 04ced7075cccdde824502c80b2e9defc
SHA1 d61e8a4d540158c150d75c19cad268ecf14cce0b
SHA256 7f80e6fd50396522620dae0ba97d5edca042eb6281613d11a2aa918ca310364d
SHA512 71d631ada837de02f04964c1eaba82c67015cce50f06464ed6e701752be064640c6b2517ddfd6ff422dfb5804f370af82f0ef39c1c4b728d1a63e832e8297ff1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\e90a16ca-f184-4cae-b9fe-474bc95c9b61

MD5 4491179d37df7d4431748ac698532640
SHA1 13bdeb1cb07e7f3abccb0abbc98bda884998bff0
SHA256 dfb1cafbfac535248f749afffe987d8e53192592a6c417a6b809aad706b786a7
SHA512 abbd0b1aeee1ce0f512db49f3fc4648c99a8dd0e447e26729b50e721be97073fe148452977a0325c200b9e1f8a49ddf755928b4df90d1accecf6d7dace1a6911

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\5b2eb7c2-7e62-4736-8811-0876cc763e60

MD5 7219758f47cc4b06f9793226a30ab1d9
SHA1 572e01a2c1a9465db48f42fa2985bc0b3fc2bb58
SHA256 f6f8d649caa35cc945a89246852ca18f10ab9bc5abfb4665a01f8b5904aa56b3
SHA512 ea58cc34daf4ec8d552455b8684c4fff8524b16064095402945bbf3563fd6da719908808ac28d99e7edc20505b3edc8d9caa1c3c4bfeaa2c58e96a6fdc85348a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

MD5 7d99cf0da926e2754e000693139df16f
SHA1 f847c22aadbe3b2d507d735538e973c29066a4e5
SHA256 ce036fcf88b4ec74468548ca20cbdb51aecbd60afefad172856bfddef0abcb6f
SHA512 d36b229f1af68e4752059ecca7003652fff917022e52d05500bf0c9f1c6890de2fb66e5071335075b6b3108655040f1d761e99afb9096405b07ecc083d423bf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ab39c513-3d44-4442-985c-7b30328676ee.tmp

MD5 c201e594f944ebd702398a015f71207f
SHA1 4871a18fa5bfcdd380a763986d6680ce403375b4
SHA256 88ef5e4073ad119b4845f826f8cec00e821d90716520110e4b093c645d9f2f61
SHA512 9aca296084845f82ce7868b2767db5e2a6d6de8e073ecad593c35d9074162ad17fee6a80566a2dda7e82ebdccc0f332f8eff4cbbe5a5c384ebcbcf81e72390c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs.js

MD5 11018b2911b0e367781c907bb7159388
SHA1 a140c62034b87cee45d7519a33c3bc7b9b9af5b5
SHA256 7b7f6d72672535dad63042aab5dba1f0eeea6c1f240d488d79ac82d54f1a756b
SHA512 817dd8c3cc6101c1f3f8e78104fedcbf16ec25b336ba20d9323bfe04cfd0948c67d1721dfaaa02b08a259986b98caa9ad8015fb7e9876baa349411102314db00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1a3730d2c03dc5dd6ca328fd31ffae25
SHA1 ea5ee0830758e5e374b9b6f4ea53c70e988fd1df
SHA256 012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579
SHA512 2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 bd5d52c676eb014323d3217eb757bc1f
SHA1 1e640dca3b3350d4fcb33d90ca0199e430ea6b78
SHA256 aa63bdeb6cd36833b6c25006d7ba06acdde0aee2cfb854f9b6067ee09285a93c
SHA512 1ae92f5319724153251a6f74367c7a0c2cbdafe0b54189bb2f4c22d663e0fc495634f8670f8f4241d33318484fc6d362e045956b3ae440953e7a62b3c9c151df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 5b7a57df1584521351c9b7914ccb9bd9
SHA1 df4c7df685901d6f27da43a6a5a16c0f66917708
SHA256 fc4f02fa2450cb30e40bcbb46f38be3c19852b1047b8c248bf48a30a7e9ff031
SHA512 c31ca11a759bb322b030d509d4f54205b4d1b2d2e2bc42186503c54c6f87196e49c8e619a4c09544ba66d62d6736107acd5eabc37fe93a40bb22832e1ef8a553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 849566e7057acac09c1c1437bc4e0c0c
SHA1 bc1d09f93d0de04f52a894e038b2968943d9dbcf
SHA256 bbcf4868c1c597fc7c31a255b9bc5379cf0ac52fcff9150fab779b3ee51068a8
SHA512 fc0a8a0f4dfd0b776c42f3a7fb1980ad520de690de3d89a235e280380369e8a61e068b23bcc524c89a6bee7065fc97d90c88db1054cf8396115333a576a66169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_AB52DA1DA93ECD4D37595A195AF2666C

MD5 0154ed306537dbcd7247944d2fdde907
SHA1 22f560546aff5814009fcc5ac479534bfa9347ba
SHA256 6e979c8af0bf53a030ed764743c2e9ff2f406f8dd3177b3b01fdc7a6efc811e7
SHA512 6878ccb773cfd435787680c688d4002c966c821c33493f6a3e953d7bb0a871d1240e02111124dd91ce6180221101d9abd0c8956a48b8ede43bba18162458d640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_AB52DA1DA93ECD4D37595A195AF2666C

MD5 db8fbfcba66a25627449d511e1e6b41d
SHA1 742df39edd44536b82900a51d49a42a16d33bb5d
SHA256 aaf0cdfcd93e7fa599566447bd7d24115ce1a759600e1d133250e40e88352b80
SHA512 af9cd4b6e15091a95dc7d62ce68a8e749385aa23b0970579d2678b4390855b046795beec0f034fdb4e64c50b5ff5e0d36001674253b00465f91dd0083f35da57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 7858d5bb7a9d3102b638fdf0b913e632
SHA1 72982af3fbd7b1678fcb13f9f8e67620804a2c39
SHA256 07a9478f1244172ca7fa82a6947eb0bf0159c1da311090c803c4d8fa7b66eb5b
SHA512 21dcb2a3abb92e5cb85db1ae4ddf948b34ce120a8ee3e24e278bad798e8e92e5ba20e0b76e4b549a29f504e7825af56832e5f34d5e12660053b2c72cc3bb0c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 65e448fae8e5057105ad81ae6fadcaeb
SHA1 e605b96163fb8b3e27ade54eeb3e40246e518794
SHA256 f1d22858897547d0358df7ed33b0c8fa828cd8402d79b1b9f48a962766220d8f
SHA512 a4871614ce38a0d3d5367222e4173e7d324a2083b6ae98cd7e0aa583cdd30c5a5b77cf063d00d5b1c6931162a138d146791eac4f8de79761cc320771e7ff3ff5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 93728e93717e6f3aed103e1bcc65a19c
SHA1 f91f1346b7e3a1c52fc7bd155356510bdbcf344d
SHA256 1d55e61be2c256cd6b5bfd9b4a0c313e0a3c0c4eb29b23c027b5506fed7f6f9c
SHA512 a2296d26db65f897cd29817a5bc38597716e1453c6fd18adce6d83d2583173f21dca2816c19930d8b409d8bf2550e0a62973d838a08c148399bab0af1961346d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9cc18bf17b8e3d4fe538e9ea28998318
SHA1 0a2c2d64d9ee858f83b5e635ac3ebbce4192d0e4
SHA256 2145ac4e7c4984c12eb858ea4c5f049694ec53900184d15b4710f95f78f4cc92
SHA512 abe950a00960193be2ee80d5ecdf27179b9f43fe66accb0d1e9015a55f22748509040078cdee7590a2c7b70711fd7363d7c72ad6c18dc15796477d9971106e2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 db15460e2800b1df6ccb24ce3084acb9
SHA1 f0d8882f66189baa3b770010c8981b83dae800bd
SHA256 95b7539b0de8296b204d4ce0427e537ad189a5755e73f8d80ff418739c2e13e9
SHA512 3b4f9ca307e46bebfd7d404ebddf733451481e4140cf80865b0e37008c7500ca9adb55ac05f39d52f985b3692cbb1cc0c1a9b85b2cc89a503f0139f74937d6f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 fd7e6cb0618cabbfd3694c6dc9b6753b
SHA1 fd0d9afc7da05746ef70d4bc0fbff063576e63a6
SHA256 53a5870cad2a4c46a0a3f21df1c7ccb1cd9a2001c60b40b0329831580c7f3d4d
SHA512 b94f8e33e87e2558f56197e4a3db184fcc4e960f141202499e8a855a0b64d9ff912625bf4f35a42c9c9c860132b6708c71018461e79021bfc1d4bbb8e5048aff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7712f4.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 829df58f8ac878b7056d46204768f3bf
SHA1 91c25ca3ad3df040e252c9fed4a2ee8924b600a6
SHA256 29cdfb77f815b8534ebc2b3fb8ed6f4fde6933991722800d2f9a723634ca7202
SHA512 68a0f7b55fd4234c346aaa08c5674905761fc81cc47fdc55f079a017579f38c3d5becdddfc8c2c61148b00fb969ccb9bae82b30d6bf693e9806819747e92063c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 0ef9bdbf5c142c58fbcb9cae3e368146
SHA1 3f5ffcf9e5641a33edc8159231df8857a1a6e43e
SHA256 76a170ea1bc4cf009bf0caf517fc7bd0f56405da21cccd365865af40148afa10
SHA512 aeb54813316b16ef21a67bbb10017cd20a53b80c548e68c0e2bd9a619095f4469bff38e5ea85cb88971321b6416c69fb4fd36d7363dd4ce53d95fcfc1fc8191d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 53dc4d955f989b04cad766f04f09b6a3
SHA1 98cfcf092ad30f6ec3e600e727b07d357ae57545
SHA256 68d4607a381f2dd1adcce0068b66307efd7488511b6fcfeb1531ec72e2198344
SHA512 4b2f5e9e1cbf99607ac581f363d170012e034b40153e746348c0a03b6f0e25f664d6471572086b492c5f2c3e2fc80282c950a9d8a424d9a0e9e772e6f4c12024

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd07e87f7af0ac96969e99845091e1a6
SHA1 402cec9b9b6f890857b91ae7d43d426661d4ccea
SHA256 7a0218eb1c7fee6bd32bddac98183ce73510e4dc72fd2a79bfd295f68bd5db43
SHA512 9045154ac79ec2ccbdef524a27f130267e2437b177819e34861045fa61824a64af0539dd449bfac32172f32ab25364c50e2eee4b13a070dcc9f6706e5a1d9364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 040eb246457ff13da429547e79972722
SHA1 4ae0ed81c81df03b3821e16ac131abd434469caf
SHA256 b56abf4c11e5fc7b071dd057a8150eb8f108ac56f6404cafdaf3a847a8d2f0a9
SHA512 47cf1a2c0b8c9cad47374dd2ebe093b7fc4bb709264fb04298853bf320983b1b43531b61d7677e08d9ecffe16f33273b662824a56a0e7a7b56605bf2e2c9fc8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 f8e1c80df1665d7c854310ad505f1aa4
SHA1 67d0621733c34fede2ae288dddd9a4d02bf985a2
SHA256 24ec4cbf8fa990d9a897ba1d58922eda034ae5593c4f4adff8339140538f5935
SHA512 765fe968471ad09260473bbdd93d17a2632ca0d3bee8886234aa92a98d5861eade15e460c4f5cea94b7fc48614ec2c31a5f3d1559bfb42e3c74290a8313e006b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{09cde4c2-ac3d-4c90-8825-678b71557d69}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\idb\4063019932yCt7-%iCt7-%rde3scpfo.sqlite

MD5 9802ecf8d9d0050125e254c09d96b198
SHA1 da916218bc5e1757417e2343a6a3d2da0ee25b76
SHA256 e7d88352b171fff74547839e164c2b9dc636ed01297a55f51824a22d92ffe89f
SHA512 4153f3dc4d162bdcbf6914c914c4e344276762498d6c886a3264d2124e9eda4f6535ed3c42e9ef28ff89080e07e52921535306b843d49b4c0f1cb649605e378e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6084a1bb03f395d3e4fc4133462e7f22
SHA1 2a3bfbfa30f7e77ab85852ff5bed4f723b3fc147
SHA256 13a244b47063ecf6b0ddd1bfa163aa2e6f8000b4a6c9bc4139c0756c395e1202
SHA512 732ce87253482e49ab3924ac67cb23552e7ba228358ebb76cbb323e64d648438c213f4035ce9ecb28fec827aed91e0a9900b302a5b9716d9f415f56df1dc470e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cae98dfef03e693d4f8387ce99752f87
SHA1 600515c39fd5307371a6b48304710b56eb1ef62d
SHA256 a7162f18505ec688e8bf73a48cdf2e173e6b93c9d521ba636b42614eaf11f501
SHA512 ddd980e006bc4afcc7728f7288e5d5162e2aba1dcafbd9125fee9af1a386c9eb6dfadb996273bb4c279b58593d052aa10365f701b2b4a6354a6b705dba3d7f12

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 573b8ec4ee4cab0902526c72bbc081ee
SHA1 9745552653f60bd7c465f6100399f50c8de59edc
SHA256 2e300e04f7c3916b5d463b07afe8e3e09b085b557f6e8ca3cd8d92ce8c576101
SHA512 f903bcccdc3e896abd43c2e909fde05d1e9a35326b24e2a65f518a931b1478773156b256d3ea89a15934daa3a591b4b73fa662e54989c8b8050467b9a56fd326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8cb4d1527a9dd6c4814843ecb25de74
SHA1 5e4adc0bc74252f81e6fd3eb6b0a527de279d032
SHA256 314a440a4bec556d522823951e83437ea3e11854b35f3d8bb8aca543b9356807
SHA512 48ba536651c66ce092da69834d6c0365d98b4be40fbbb6ffdea9487453cb76c196de52a5a9b1df47d5b746de464d704d9e5373bf132dfa2934c265a61bbf438e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5406b7342c98a9b134e762baf8083aab
SHA1 3d494d83cdf06dc29ceabfafadd3da7249e4be97
SHA256 bacff02e7a9b2a0996c37dbf16ebcc121cbeaa74ff2faee85f8ba971f5fc9992
SHA512 b702ddbd14ed0695396b14fe2c1afb2b72be684142124d677911fdda79bec65ab376312b11b4eb7524f85b499cfba1ebaaaf55f495c29b9bdc2cd944b5fe4041

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 48c855d622637de7d730ef11fec38dfa
SHA1 eb00a88c88a19ad23f2697940ddaca8c9a4994ca
SHA256 a0d4c6ab66103f9b9679d42b9909a2c11d9f8146996e10bf006851151fa8902c
SHA512 80e846d4a1c6d15eeec2f826196f22e9700ae62bb553d811912bd08a008dd7f558af34359add0fd8a0b623f35ef563d77d355c290b3648dd7b501707c8dc23e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f66fb26d4779e5a290fb78712b44aa3
SHA1 b253f52f4967d777198ab83cce472e7a91115b45
SHA256 69df455d6d4671424cb0672e04646bafcfd55702bfd080a04ab0370d1b815f7a
SHA512 a06f615cb542708cdf7dd355e0d74ab29e17aee088d2004efc7071b9b54a7d78c20f0aeec7675352f8da5884641bf8ae4a1f0b12a02a6c5ac0ce9cf7d88b243c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fe414afd1a82fd4f708ae4335336f9c
SHA1 9ce0feb21984f6edc717f8be58dc2c490c677216
SHA256 09caf4e5c2c18cb30004799d81c6c001e2d4fc0ffd9ca4399f525bd30e70c8de
SHA512 836130a7666a38f89268e3c893634fb55f2fcc346e78ba062c9500868e4d82045d18866c197b61ae70003b82079496b438d1073b897f8d2bd5367d302d98fb89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89a0c85f80a37bd1ea516fdc7bab0a61
SHA1 83a328230e35b01516948d78991cb8cfcf906fcb
SHA256 fac55bc853ad5081183cbdd0af9f39ffd2761de1a8dff03ac64285f51e83d8c8
SHA512 cce821ea2f271a4241bc1eeab67219f1fed474982256b33859726c039c05056f6622975398cf94d2d0a04ed8e188124a8cbf8417441839976306d4040390316f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 621b044052e7bf41fe6edd99db6a2314
SHA1 604a4ccf7b137ec798c91eecb9d672be2ed154a0
SHA256 734202406350ba51a9ce2f57033aa06021c8561b148bd568fa5e5994e3a3b69c
SHA512 5d9be8acbb35512ba80fd4c8b708e18b56e9bbc85dc32d1bd8a2bbbe41851e443a304ea26b5a7fc463720ae1b40691f474efc13bf39d18352bf101f8a9eb48d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5d7933c2b826e9b65d0a509c828928f4
SHA1 36b4f4337eec4d41e249989d0e32abb12f842d23
SHA256 dcbf4e72fba5446fcc468ba581b8694db550540bebc89c48c655e985e72fac38
SHA512 9ac7af99c12575ee26e4f7bc01de83478cf3348c50d224f1d55d5b54f7beaec1d83c0268a2264a146030acf9919c37c6437f34d24ed46ef378be1a7cd4fd0eba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 813e684f18bc23ef27bc82de98dce44e
SHA1 b146bc855dc821b946a9eab707a5acf668617192
SHA256 278fc29d8d07b94079fb5e2b0f44b04e149c0213a12b1ecfd21ef175fa1c0d01
SHA512 722709d2b0e9609671fbb0f3e8429dbb5b58ef8a0ac77818b53e0070d5951881c1ff2ddeb4fc40693ed6d95599d5611a1540e2e9689cb0790779673ab334b403

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc908d7b1f27c1d307ad0a6919688730
SHA1 f1eba8e892585ac6ae3b9fd66230b68e92bedbdf
SHA256 cbe0dbc905c9d6dda7dcc682747717eb31b234b399092992b7ac8e572453063c
SHA512 4416f59c1401c392b793998325e7ef357165564185c7a07098d6bd571549cbb4984914210e06926a672be794a38eeba6b11441f471ad8c45d2acd33922ae73e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2918542d6014a092f8e3f6d8d6154d5a
SHA1 7aeedab15670c59747b0ac9c28087e255dfdda8a
SHA256 2e0f80cb9cc17eb5356e86ac5d187d276de3abab1c845d70f1939d05010b03b2
SHA512 db98088bf619cde154d534502549ffa9320931a8690d4fc176a8483d7915a60004555ad0c8f2b8e0b90b7bffdacb26e4bce3cec21e30ff2928993634298e444b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0b0b49e164aa6247ed1a6757055e228
SHA1 d97465b9c5aa15af859ac7e45b6c097b1ee9c1f7
SHA256 de8a14ff2eea7f609fab65fb3d168a74a64e9637abde765ed924fc3d69494a84
SHA512 d5c35761e83891fd1f2e7e3cb89cfa180e2752a554e85d4de39835000eb908fcbf332b6ba10f0868c0dbe442cb76444bf6c0e2cf584507facc1668d555333811

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 76b4bf792be08f3dd4967f28be082d5e
SHA1 556af41f88503be9c41801de5f735e288251ca09
SHA256 e1a6a4189aa280f3ca4779058430a7e7d3d33f45eafb6bf72264ff7f6f565b86
SHA512 cc0845b258cf7e45825616b503d83098dec1d92e1e945cc62b19f1f37686ee4e4be8310cffb6fb4f3dfe525f9d5159ed946c065bc58eb05e70330b069c6f3e5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0a2474dd26161ae44b211701cf2c6c77
SHA1 ed0c27a36c12c95190ac0074a6d1b4b185d6e33d
SHA256 1ee019e04152f932d6fe4c89e6bd2cb84aeffb96b0bfc2b948ef4d9944d4c148
SHA512 d6cbc562315d25f5f223ecdcab88530b7e18a2931a9a01be3bf6642f7f81e4ee1161d1db3a99e3b204d726589ef4d1a1f5f79b6811237933fd3dfd13dbfaf6c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6149ea74d6d9a4a69700503e5c9dd7bd
SHA1 bf33eaf3aadeb9348434cf8e9849a34b1ef833ea
SHA256 a7438bd5d3d076e113ffaeedc357ffac560045b8d8dd30dc608f2527cd4de1b4
SHA512 f1daaea058f2e6d11dcfaca816fc229c572b6c3561108b0d77fd0c6cb387bc75a750267fb5b760aaf357289acaeab0ce4ae994d14f733aa5a70250462ebb1bed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{6f99c836-b8f7-4cc0-ab9f-5ede13974715}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\110\{f57ad394-201c-450a-ab98-96cf301ca86e}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\94\{d0077a81-b698-4256-863e-e7b673abc85e}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\93\{899ced92-f05e-4003-b026-6dbe6e8bf85d}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\177\{cae0e1c6-762b-4683-824f-f0fe11e579b1}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{ee59f9cd-fae2-4fe4-9b6d-349904fbd0e6}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 edcf103e97f78c400665c68891ab60db
SHA1 553dd8d0eedeb19406ff035defd2fe76353de4b5
SHA256 a2898a4c968a87b3c0aca9019dd1c2ad3d7eeacbc0ae2bff82104ec9c9bf4934
SHA512 d45160361a18ad222c57ccd3d6264c0167755694493d0cdc66bdae59bb345f9d060c9816c3f73cf67bdb45372cdc3c3f8666ab1cd1c88b9b658943fc239227a2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2a5a8883-0ee2-4168-9144-1e584cca5481.tmp

MD5 7c45aa99da6f833a8a6914eed4f34d15
SHA1 343be0b4de1f9a84c66fb2ad7bcc64150d9fd23a
SHA256 e286ce5c68ec6ebc749ca8ba8de98a83ce5207eaaf947ae6104ec54a37d22eaa
SHA512 96bb87a587ca7cad14a88d896219f8719c5bf9bad31f26cd4bf414e34c61e13eeae348b31aeebd0d3ab8e1c717dbef5763ca5637455b43164c3f9ba92c1d4164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a42821674bce76d5e3b883ce4304665
SHA1 309e38a25783f99401df35953f336d0015c05f03
SHA256 b42062d7cec225e9fa806cdee4d9c9a42346aeca17496206d0e8dea9523c7b8a
SHA512 48ea2e3ac870cb19ee643d50a97b83bb633c5ecab3243295f207925df8a8330a6cc376bf572842260be5a27a9be7507bda281a4f007f7e47b41c7ca01e5b55d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 50e4cfe26cb115cf55ed66efa9574189
SHA1 33ee4fb12826bf2ec7ae4882c20a2b1d94405ebc
SHA256 0947b29d3c0bbd9e96dac4aa9f528e6794b40ee357dea0983e400b6288a4ff56
SHA512 2e3c318595c4ffcff944415909bf8014e60080b1a1d1e622f4332af2d019c236e65b55097d0b3e77973201c40b0abe190d369fba721286268aca40c727520fc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cfcd1f8dcb8c5d4dbdfe3243c855a00c
SHA1 251d543fcc4e50ec173ba198dde6f937f5cbf3da
SHA256 9615d4031a71a8c6a478a5d3d1deebda2a621014fe9b5894b4f61063d340bd03
SHA512 b45c939d6e6b310369120c5878b15781ebab6de02d8549543239b36b2c0262e0ef03c2ad28def6599cef0552c8d559f78131dbf596b43a39a3adaac01e6fae08

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 56648495dd9395914860084537cd29d7
SHA1 e0a6cae2b6e2ca59bd3ce134a769d9cb4afced7c
SHA256 7a1e9715056b120c0179c528ed492effa005cbe42b349267df8163a1c3685cbf
SHA512 6c54801ef12bc004a0bb0154c67ae7180bd7406e943399c40dcdcfa078f928cc87f64319316d11e7e6c2f711b0a1a1c0a61242855b74deb8b29e8de170604dac

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-16 04:49

Reported

2024-02-16 04:54

Platform

win10-20240214-en

Max time kernel

300s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133525327537435167" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b648727b9360da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d1e56f7b9360da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414839270" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = faedb57a9360da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "414881966" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9190d8959360da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1952 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2252 wrote to memory of 1652 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3368 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 5096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 5096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3084 wrote to memory of 4000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3084 wrote to memory of 4000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3368 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3368 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1804 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1804 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 440 wrote to memory of 5156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3368 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3368 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5164 wrote to memory of 5232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe

"C:\Users\Admin\AppData\Local\Temp\64b15c14507a719404dfbdec4135eef1b6fc668a44e021938816443c6ddf6030.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3c219758,0x7ffb3c219768,0x7ffb3c219778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3c219758,0x7ffb3c219768,0x7ffb3c219778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb3c219758,0x7ffb3c219768,0x7ffb3c219778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.0.1333327468\1219162012" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4990e5ce-7275-4bdc-90d5-acdef1d4dfea} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 1780 1a491fd6a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.1.515431741\1272073986" -parentBuildID 20221007134813 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94762284-5b5a-4de0-83fe-09fbbf569dc3} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 2208 1a491efc558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.2.825413907\289213809" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e69947-cc14-4954-a908-6563eecab819} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 3024 1a4963d6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.3.1808207976\1898993156" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34c10ba-bcbb-436c-bcec-80391fdb4f74} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 3524 1a4971f7958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1740,i,12909067163133088122,7156002445893732421,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.4.1897029837\54171798" -childID 3 -isForBrowser -prefsHandle 4664 -prefMapHandle 4636 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356daf62-382e-4d29-a0b6-6edf512fcb45} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 4676 1a498ac2d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.6.1805384681\656490358" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ed19a6-fa8d-4c53-9d48-e2c0ea35e76d} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5000 1a498ad7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.5.699243457\611201150" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4820 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e0e4f25-a21b-4527-8e37-064e021e8ff0} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 4804 1a498ac4b58 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3364 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1860,i,6732572802554046551,2854031060121125506,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1860,i,6732572802554046551,2854031060121125506,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1740,i,12909067163133088122,7156002445893732421,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4712 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4856 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.8.266861322\900540589" -childID 7 -isForBrowser -prefsHandle 5512 -prefMapHandle 5508 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b138c05-9444-4462-8887-efb15a90d87e} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5520 1a499314158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.7.586198258\498236998" -childID 6 -isForBrowser -prefsHandle 4300 -prefMapHandle 4312 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {414592a4-7e83-4f8c-91c8-4446ac7debdf} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 4884 1a499316e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.9.375616171\471832939" -parentBuildID 20221007134813 -prefsHandle 5844 -prefMapHandle 5860 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b1a544c-6663-433e-b548-4373ef8f7c4c} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5848 1a4965c1458 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.10.454519294\1317993874" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5828 -prefMapHandle 5836 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd6016bd-facd-46f2-92c5-45f54c85bd9e} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5876 1a4971f5b58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.11.1819513722\1686544857" -childID 8 -isForBrowser -prefsHandle 2604 -prefMapHandle 1280 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {803f9197-4e54-4c6a-90e6-82cc4274c212} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 2612 1a49853d358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1988,i,4175216389033235175,1337347156544135115,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 rr4---sn-hgn7rnls.googlevideo.com udp
FR 173.194.18.9:443 rr4---sn-hgn7rnls.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-hgn7rnls.googlevideo.com udp
FR 173.194.18.9:443 rr4.sn-hgn7rnls.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-hgn7rnls.googlevideo.com udp
US 8.8.8.8:53 9.18.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-hgn7rnls.googlevideo.com udp
FR 173.194.18.9:443 rr4---sn-hgn7rnls.googlevideo.com tcp
FR 173.194.18.9:443 rr4---sn-hgn7rnls.googlevideo.com tcp
FR 173.194.18.9:443 rr4---sn-hgn7rnls.googlevideo.com tcp
FR 173.194.18.9:443 rr4---sn-hgn7rnls.googlevideo.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
N/A 127.0.0.1:51032 tcp
N/A 127.0.0.1:51046 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp

Files

memory/1324-0-0x0000016448620000-0x0000016448630000-memory.dmp

memory/1324-16-0x0000016448A00000-0x0000016448A10000-memory.dmp

memory/1324-35-0x0000016448B90000-0x0000016448B92000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 909e27d6cabbebf02e7a375d5bdbed97
SHA1 728b8b4d27c8ced57c0e6ce4da9bc9d287ccfc38
SHA256 2373c1953deccf7eb9194d07d00e2757b71212fb6686f71a3e4f616d35f8a80b
SHA512 41fea1cf48b8f5f50602258c8d2078af216781ba88ce8f9054a97cce07f4b124596013e7da7a7c7a51f7a445651b476487660266d95ec77bf856e9bd5fe5c7be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0451878bb125b21970f6648826e368dd
SHA1 56c73d173e93f585cc13593ae33cecb0f7524e36
SHA256 bc192405d01467d5d5be8ffbc01496411964232a412765100fc2c1c654379e34
SHA512 52dcd4b11b4fdad46f8f3449d48ea43c7fd217db871cadd0818a951eb10bd80dba62304457541d31c17c1332868a879a50f945558ba2f3bd331188f2180946bb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9742fb8169236fa973c15064b39492d4
SHA1 af1393dc2a282e48b1f2a3998c4ad84ef6ee4231
SHA256 644cc2b529c4d5180c67095884d2773142f3483973ee95cec9700ad3b29fee17
SHA512 051677c08ac24f55d23ee2e7a06b497f036a47746eea15587405187237a6112f2abe24d096a9099738e61d9d79614d1637b9c8c3df7e1d9833999b7c5a4f68c8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 20b28e42f4a2da096028492be14c0797
SHA1 c26ae55aeb44e48ccfcc086a2d242b9419df4460
SHA256 f5afa4d42f9f6e09b86d6e24c05da772a07b5a6ba3f853c7a12ca7546c5add23
SHA512 421105f5e62697651826c1c90e885ab3dcc80e6c5dbed6302892a6dd6c07fa5cf5e6de43dc6df149656b7ddea58dfc2409469f507c28fa210b0d6d8f1bd179ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

memory/4252-118-0x000002BA56EC0000-0x000002BA56EE0000-memory.dmp

memory/4252-145-0x000002BA56940000-0x000002BA56960000-memory.dmp

memory/3284-180-0x000001C361C00000-0x000001C361C02000-memory.dmp

memory/3284-182-0x000001C361C20000-0x000001C361C22000-memory.dmp

memory/3284-184-0x000001C361CE0000-0x000001C361CE2000-memory.dmp

memory/1952-207-0x000001F555FE0000-0x000001F556000000-memory.dmp

memory/1952-208-0x000001F556440000-0x000001F556540000-memory.dmp

memory/3284-212-0x000001C361F00000-0x000001C361F20000-memory.dmp

memory/3284-240-0x000001C3625F0000-0x000001C3625F2000-memory.dmp

memory/3284-244-0x000001C362B50000-0x000001C362B52000-memory.dmp

memory/3284-249-0x000001C362B60000-0x000001C362B62000-memory.dmp

memory/3284-255-0x000001C362B80000-0x000001C362B82000-memory.dmp

memory/3284-257-0x000001C362BA0000-0x000001C362BA2000-memory.dmp

memory/3284-263-0x000001C362C30000-0x000001C362C32000-memory.dmp

memory/1952-271-0x000001F657040000-0x000001F657042000-memory.dmp

memory/3284-306-0x000001C364820000-0x000001C364920000-memory.dmp

memory/1952-303-0x000001F6570F0000-0x000001F6570F2000-memory.dmp

memory/3284-310-0x000001C363840000-0x000001C363940000-memory.dmp

memory/1952-312-0x000001F6572D0000-0x000001F6572D2000-memory.dmp

memory/1952-317-0x000001F6572E0000-0x000001F6572E2000-memory.dmp

memory/1324-378-0x000001644F3D0000-0x000001644F3D1000-memory.dmp

memory/1324-380-0x000001644F3E0000-0x000001644F3E1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\78H8IA03\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/3284-416-0x000001C367280000-0x000001C3672A0000-memory.dmp

memory/3284-423-0x000001C367AC0000-0x000001C367AE0000-memory.dmp

memory/3284-424-0x000001C367AC0000-0x000001C367AE0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 bd5d52c676eb014323d3217eb757bc1f
SHA1 1e640dca3b3350d4fcb33d90ca0199e430ea6b78
SHA256 aa63bdeb6cd36833b6c25006d7ba06acdde0aee2cfb854f9b6067ee09285a93c
SHA512 1ae92f5319724153251a6f74367c7a0c2cbdafe0b54189bb2f4c22d663e0fc495634f8670f8f4241d33318484fc6d362e045956b3ae440953e7a62b3c9c151df

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 1929ccc4976702d4e07eb0441b479e3f
SHA1 f141d04d34490e428131ee5e4719e22b73c5cc0f
SHA256 064ad2328df8fa0a24902a1d064aa49c210d34ae79644b670fd2c91db7059fa8
SHA512 a5b17d4727c604208cc34f1c4727917553e6574dc08a7fea52df8fac189c086a590b002811d8d2625134edbf384f9b23374b90a0000625a3fb1c84d58ccfeef8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 53c0cdf674ff474666c0da240b0270cf
SHA1 50b64a1f65d478a38fd2b1c8451a3136730d0419
SHA256 dcab23e7a5d9fda6e3c9bd7e20f113674b08f74e55bd38290e73a68f8e5aed05
SHA512 7dcd112ce265b33dc543afeca669acb29c7f598fe4fcdcafceed083caadce206a4f606a10f862ee299c065358ac36769764205455999cf269ce6a4476b232aeb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7F3O8D3H\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3284-637-0x000001C365660000-0x000001C365760000-memory.dmp

memory/3284-659-0x000001C361860000-0x000001C361870000-memory.dmp

memory/3284-657-0x000001C361860000-0x000001C361870000-memory.dmp

memory/3284-656-0x000001C361860000-0x000001C361870000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9310d15fe3530482aaa41bb043c0c26c
SHA1 242cb6873c7a9df47a6c7e7226aa468687e26237
SHA256 18f69cf02450fcdcc0d56065a786dd1e67f374485755a47e476ccf5c1d04f250
SHA512 a6457edc971e724da57857194137dd3f24c5b716c82b8273c15ccc89cc25fd68d5d3f37d66d574a11461763003847bcb3dc8cfe9d92ba877b104b844df6acb59

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 860f9804c36365e28ec3aa7f4d39f1fe
SHA1 44bdcf920f076977bebef2ae497d3de960099aba
SHA256 315c5b26fad3e66563722d89a39bc7c2ce6085419194bb799996d7f0741342d9
SHA512 f06c70ee7b006cc71af30871916a6139294025c522068a0c6b87fa44ec7bdd084ce98c4855f501d0ce44131212dbbb864cfc5ae9cc417a6b94fa911eba67d52b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\xg2qa7n\imagestore.dat

MD5 36d732a93ad2615d71c6350276cbaacb
SHA1 e09e51ecdba14c62f09ea861d224f9f1b46afb40
SHA256 bee2dae006477e58e77766bd110e4bb5915ea7b54afb8945a9f13d4f8dae21d1
SHA512 aeae5da9f5d000ad6e727eda6a5e09468629e23ccd5560460e9bf6946d0b8d8d1aba7b16ecfa9211a6c08d90d22684be3b21f1bda81a80559390be12af08c70b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HF1CSPSN\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RMK89M87\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d0cd4fe90c9d4ac909a74381a53ce067
SHA1 dda7494080ee20a69274ae7f7b06c73026e606cc
SHA256 c412ea0d00a8ec4cd1ef2be9e1b480e4b6baba3acc8065ca390ccd1edb29f33a
SHA512 c61f06d84219b2918f72dc000ed0a2b68adae5dd989f4f27370a463eadd65c508843028f927e4f06a5a0da46ae26bab3fba1ae212ca42e3bcdee6991745aab94

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 59293120922c399f6ac10231fd5cacbc
SHA1 5d86fe765d3037676d8b00e67ad43dbb1583dd7b
SHA256 a5470169c312b606a0eac885c6f5ea11585bf0ddb7097d1f6066bfe06b99b119
SHA512 a5c2e8e1017d84aa17d55c1d92d2a2e33fd53de0e48fb9bb64706b2c523d6961e98d967e167ff188d4680eb3d45b25081e0d942699d09c613c189fba743fab91

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8KXZOJA\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q3FJ0N7E\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q3FJ0N7E\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8KXZOJA\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q3FJ0N7E\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 de368cac13501fff61abcc78c34d45d8
SHA1 225b86e06f77164d8c0e1cfbb2b70969f33a7dba
SHA256 7444a4d5bf082ec6852dfb4d0ff3d3d9f6fdedf6270a92ed1412221052036db4
SHA512 05c436ac373de33d945d8957c51f75103bf5257a031416ea5f8bd777848be035e00db6d03f9e724c4b204dc83dbc2f3c2d3176c3d24dfd443d4cdb9358a432fd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D

MD5 1954dcae983aef0fb5946ae27a31e217
SHA1 5ca127100c6db5f7fd33dbffcc4aa9b18798f868
SHA256 4ce357ce3bb21b9a9003482ce27da33b7e57382809f0cdbc8d18acbc4c4fea4d
SHA512 4666909d5699164f54cd46e0179de9fd9b8b42956dcb32c71903c577d6efffe54f7287165bdf875cd1e8089d1f1d6ffeadf0e0d537077bac5f52b3f7172f93c4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8KXZOJA\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8KXZOJA\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q3FJ0N7E\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SR7S07TT\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SR7S07TT\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8KXZOJA\rs=AGKMywHEIYQh7sWB8iqy7VDdPxD7GEphMQ[1].css

MD5 b03b6f8e08af40af202b3c59cc2142bd
SHA1 0bae6528e9937adb55f78f259f906292cef060a5
SHA256 a5d9a9d5992f070c2b428fb7f8ec766facdfe89db7a27c1e965c2eaca10d3067
SHA512 f3dc1e9665178240d881c095ba34da8c0256f63410ca5c19947b1d5bbf10e5d0cd1d235bc0ea11767c61241fa4e398a1432ffb6af17ff532e2dc68ef394dea60

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SR7S07TT\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SR7S07TT\desktop_polymer[1].js

MD5 6d8f8b6984a62fac0279e98f93180f0b
SHA1 45996079c14e7435c7368be427a2ac4fbec7f6bf
SHA256 5dd00bfb075973e4188f2934dbaba9f8809df84cf92921a521532bfa1b983d95
SHA512 56df5a8ab808a8025a06d34d92a5212e9502ce02c35a190ceb13054b251705ed0438aa4217e450f11cbedeb8ca11ea2fc2ba128cbf29dec2bf6dc6b2f6d37738

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WZSVZ5P1\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 b74001b1e403f8b746fd1a26e1ec29d8
SHA1 681095d1d455bd73c9c2ef124d522f8b48a42983
SHA256 aac08ed92a096ec770c2ce1c48211ae9d3f944484e03d51681d7942c047e89bc
SHA512 f6934dbf9c49713901837a866c92b99a2aa9668790ead31d4c474673068a0ed5bc1080ed5154c37bcf8cd661a3a7fba804793d20f40f10c83da2efdbac6bb3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\pending_pings\e6e9eafd-023f-4da1-aaf0-e28b9398f3ee

MD5 b8fc51cc10cb1b9c8124cb72d0b866b6
SHA1 7782e8f1552574aa09764a706953dcfc97a08e4d
SHA256 7b1c946e397c292253c7001b4230fbb0722501fdf955435128b3ebbe6701e517
SHA512 679098b12c28618988913503e8c739a5ae8f2c80f6ef75951002c1196e169d450748c2a126084c69df60d6c9d83abf80307f3f92c3acaf35c028f1985c2e4f54

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\pending_pings\bf62198c-8bf9-4782-814c-82bb2cf6e110

MD5 75bbbb49baa4da05885d94bdbdc70202
SHA1 c940396be60b07954302b8169771152deb0c63b4
SHA256 76cc13d070593d8b94a08ed4d0a6cc3bd40e18bfbe936544d0f6d8d60a0defdb
SHA512 5ca79a94094b976145dcc086901a5dd1ce2da5ab5bd1a59364f429bc3066bb9a8c256738eae68d2a29168bdbfa49bdf9b420e8668a8b9c8ca5abbcf452d5eaa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\datareporting\glean\db\data.safe.bin

MD5 b76c9155e288a403167b0c71678cdcdb
SHA1 25219dc62f0f2170172b8d6eda48ece9da0acfab
SHA256 f41b5339259904f5d8986141837fb688c27bf376d25bb88394410f43fd39bf58
SHA512 b45a578fd09036aa869335937aaa569471f94328c6e77d3228435f8d492dd36f99c35c4abb8cac16aaf8615f15c67b6eabeef4a8ddfa7ef02c9d4aec795079ea

\??\pipe\crashpad_4740_GHVIXVLRWTXDMYKY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 31e98feff625c8a3ef0e48f6f6d7c50d
SHA1 f0d7ff485d1b858d8c07231f24fd6aee2a50ff1e
SHA256 e0291b8d2e4ba395d344edc5ed5090e2e27afe87fc1d47a999279160dec56e31
SHA512 efd91361d3db87e68cf8f35f49507e81abdd3b3ae015177621dfc1811b126fbb4a7cf952cc8d1ac4771771e59e1ff88be865e4898c3bca42e9883fd867ecd752

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 436b72c7dbca8046418d37985eba9e6a
SHA1 3fc09f3adebde0b30a8f8efe6bd3eecb769c5481
SHA256 cf0e66de4fda0cbc7128c95310920d9de71cb2442b768054669673dc8d92bd42
SHA512 5ffc9dd2d294445025c6c99dbc61f80345ade2acbbc4b6c5b61331110f7c0d110aca8b2b5ffb7853d4072b87d3089419f80dc33e582b7d4811fb13df3e1e33a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f531e7bb2a8f609d9e9e66bba7e95295
SHA1 1e19edacfcfcecaa2f89db51f34aed42a58a7215
SHA256 4b0daa6ec85115a65cb5a55473a7bbc2deec1ea3c23e9a6f2e75a627faa11219
SHA512 7447b1e6ca97010693716ea64400f9b28d108a37d116f499a218b0922afece9f1988d819c1029697e1cff7eca1bcf744bdad32241a9b97c39fe1d6d297c1ab3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 982974975ebfea2c4cd03c1758543721
SHA1 afc2239c0008bca8595b28f88f19d29cdf4ef664
SHA256 a98cacf0896cc273b35c4fcd2752a64b9639f06c8cd6014ab10f531180800134
SHA512 71716b082c54f754c17b7e49d219f9f96bb806788b5a07f63dad4ed3017fe7c2e4a49311301e189b4c128d2e5c63ec176867efe61bd93bb750685923d9d000e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs.js

MD5 b790c80694a468b68db6f4eb8b1bd6d2
SHA1 7fdc3c0899ca10d99ee1e89bf3fa69b023a5fe5f
SHA256 ff80bd0566fba71cafc48d7793bbd32d4aaf4e18c9f2b9cc5e5884ac283db81c
SHA512 bb80aa1e29f2b489cec99c8df28c6230d0f0a0d230821440e6448737315644414e59f95dbefeb760ba41c86578b7a547bb98b79e9ccb61aa2b8bc60dcfd1d092

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 c920714d08f464a965635699f02baca0
SHA1 b1603944be7c772aa67c434cba554f64e65be804
SHA256 6ab8ce27106d1294f0ba1956085ec441442f13fe99d728b8687159ff02161095
SHA512 503f534ce8e83141c1e1d9cb90623f6c09adc2cb79a7be77b02fadfaf018385da759b52c49a29045f1cde134d42ca1b4b83228211f86768d29568c56ff4add57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a4eaf075b0e26ea9fed206b33ed513db
SHA1 89e740b0e3ab8eb782cdf6a08e7fe64ae971801a
SHA256 e4c88536d0f6f23782914114e39f281b801a0598723fdde20aa20a2149191f70
SHA512 627019c437b4d60444cced23b292648f6f05dadf5fdab3abc87505bf69464c31d1679f07c285bf8a368dbad41493c1f0eac34814f627d5c94717ddba88228ad8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0e43a964c0a94525fd563df9f9a2dc53
SHA1 81d3a71c6c3e9c15f651176ec2cbbe30b9d21fbc
SHA256 6c92c2ab2280728424d95e4526cacbabbf22b618517bb37b830cd989ba31f2a1
SHA512 63e09fa9da70309db6ff43bf695ce047cfe4173d1c6f81b3613f34242dbfd77f767cfc5b0fdedd209e80c66586e32621c9bbc28c399187e3f223760554010fd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b636e4275d6d876a72e4e77dc6a5e29b
SHA1 6e8579f71872da54788efb1b0f9d74419f71ce3a
SHA256 833b4cb888d12abf9de8cc92ff985f06be63ac12b3e8adfef8a8b9e7c5a296fb
SHA512 f16d7bcaaa3f116ba285f50630e0985ca1618e28095b15788281bbb361767de5466bd83d777125461f3349860fa1734f228d6866a5aeceaa3bdad768ea61eda9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3MEJIBA7\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\storage\default\https+++www.youtube.com\cache\morgue\33\{a640c408-c1bb-4509-b3e2-7e69bfd0e321}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9bef22ef-d4b3-427e-9b2c-8035eecf4c13.tmp

MD5 c5e0312e4ce30abafb947a4d8af52ac8
SHA1 5ad7b7cf4148b6bb1989f6af7d46ed702a31cdf9
SHA256 6119017c3475d16af1204e39fc012967c1c01cf6e8ddfa356aead24ce2051774
SHA512 6d2e39e1f22adcef1be5a74495b66aa73de6cf1c36168d39bc7ced7ca59fa0f77640e74d3dcd40abe9d011ded81cefacf9755e852519d46362a80cca0261034d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\storage\default\https+++www.youtube.com\idb\2556004075yCt7-%iCt7-%r0e7sfpco.sqlite

MD5 04ddea743b7f60109938dca035bef748
SHA1 8f8f13e086ccf9f329c80887839b0490e13d96ac
SHA256 7077334c641b3ecb25ef4e622b9d0e9bad6e85a2705e6f686bb0bdd0ca44f812
SHA512 ff4d6bccf91e2d3fb67b07c46a3d38c1409f30844f15913bd943dfbd1b5fda62c414851ec926dee5aa2d4df6d98447781372dad1dbb7d6d2df7d3723e117e5ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h7xcgubt.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 77489fa98b21bae0070399b1ea447d63
SHA1 5f7f7239754ed199d74301997c8fb89f3f492da4
SHA256 b7ecdd2277cce9b07f3149e6167c41e66975c418e06640ca9f6d870a7482a8e5
SHA512 0b0ff1ee6030daccc938c126fa79fc597804c404247e2d069e512cfe25e819767879453b4d4dae43b64c0311fa6f2a01d477fc48166e0cb9af57227d24088de4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b9bed36028e6f82db8faf5b5da4f0970
SHA1 3bdad7b341cd97540af4e48e5d97b6c3705264f9
SHA256 b57c93430781ba147c2cd80cd0748bbbae237f18749143cec907f5d130e052d1
SHA512 07bda8c9b1d010bd5469065c06fd28360d5d3ff326f29e81eeba227d043123929a5d8d52814ea22be4a33059b07fe7ba8e01a9efa22a91879925b6aa6b77bdd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4ef2e1727813a408262b4860441699fb
SHA1 9ced44e3abd7f9290498a384b5bdb086a8ca1880
SHA256 fdb45360401f6640061683649136686850993009cb67de10df22e3d1d4e99608
SHA512 7aa437603bac4e92fe229d316599a7f0d3973d84065c30e1a9f40ad1818ae47a059606607dbc2ce9142fe5f952f7b598b4440fe3de11e380de7e2b1ca48cdd62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58437c.TMP

MD5 c1fb8e4b99ab7bd4cb1f2b299ccfa43d
SHA1 5d7c73da7c2086910d38d66e1b07602e2e05ef7a
SHA256 c9061e37444eb35521ca075fc31155c2bf634d2775bd883764d6f38e1c583745
SHA512 1d28bc6abba747273dc2213a38a03c49625394a489a95a74c3ec50d5965e186739a8ecda89028b2584c7579ab6f5545304431ba6f55d4d660728e772a50d1a62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d3e1149c8844dfb5416cee3a02834788
SHA1 b7a6f18671e513d6af2a444614a43d915b404b3b
SHA256 0bb29daf7c18c963f6cb9a2c710e613101898be3fe9eff7f2d793369fb0ddc6d
SHA512 800d29466e820df841554503325255aab59946546280acb3bfe84fa3bfec590621a420555ab5b40dd4c17bf5bfb77049a0b35ed045c83a9e1e37ef96c9b964a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fbdaf822b9b9d17d78b01508c694b422
SHA1 ad834cb20220e876c85bf50acbc9a574367ce61f
SHA256 de621a318353fe789a20979ff5bd3ffbaa04c7f34a8220719f06f99684ba01b2
SHA512 22a63511dc4950a7c324aed0c5d0c9b1817adcf2778cba4099ccea2f1ee8f9ccec8f972c64322573e7167dc39505d87cca4eb1ef4ba88aa956c41f6ce462523c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 44e5aad5fa66bd9eca86b232d38a936d
SHA1 0f3d418214f712456e0def8e5e363c17d35e1d0c
SHA256 d08c510be690adc833824d5cc696abb049b72fdad625ce22127fa01ac0074c53
SHA512 d67ef7913fdfb46cf4cd98619cb82a7352a47dfc0cc31a1453d255f6943128a692cb870cce6bab0115069729a4f0b40f7025b2f951b3f8cde42aa9e5999d5963

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2af4e623041d0bcc9326075c0ed955df
SHA1 0427ce1d5f35cff9368ebcb9ee31f6930324a010
SHA256 37a88fedebe4dbbe18fcd1bd9ea786050ed42c635873219218e6130a90f89f4d
SHA512 24d786b9559268b2fc53376600a8daeb6b239e584f660362915ae7aea07c83dadd891cd3c30a67c3a6d793498ce9c2ee1a593fca51dabd810932fbbde9c2dc5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d9805fe6998fb39ddf570941044c82e
SHA1 e0025a506a35ce27a4709ee2e38b853e62c4a599
SHA256 098aeeafb7be0d15fdb311b1369b515041528392e610f9553124605299103733
SHA512 67b20eb4c950afb52c42fc63e36741eea4b7168f5e2ad450e29b44ffa12a859c25d4e8fc93916173ae1aee8ece11ae423ae37c809eda1d59d889583d9d925a19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\prefs-1.js

MD5 11cccc3f79ea0ea01b1fe37ab8ca43b4
SHA1 cbcdcfc2741835f77cae6942867ecc96f170bb77
SHA256 05418dddc3e9f4fb93ad1ec9526a8d398b701d5cca036137b5c7dfa0aac65a4c
SHA512 251ca25d3082ce4a3a31164b7bbdd2c61daf9dfcd20c087e20107b5c06a0e8211fdd7247b25dcaa5356c21a7a1f8ba5fe0d664f4a0a8924146aee28c54f05564

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y3KGR9P1\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 33c81078b2d76016a74266471bfec6e1
SHA1 604f2186e610e4aa49ac3403cd7ff9a831668664
SHA256 0e971a113d3231b12aabe79f96fc9f58cfe832c4eac44f7eb847d85bf5a01e0b
SHA512 93376e408011ddfaa8aecdbaf86b2e558f4451e6a4bc310aef4cef822c454196237ab6628f617955282261c93161106b1cfb424805519229f58947268d90c937

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589fb6.TMP

MD5 b5f26dc6ae9993dfaeac583499fea101
SHA1 7dde87f7fca4ad4e5e645840720c5087abfb2a09
SHA256 f118aa10f184a4512727a3918c3ac54f9a6e72d6503fa7422ee4da8ef175dde3
SHA512 6456ce50c541b3e523e8b06d3444a25e73107dd62dbb0bba4c334651dccd2be5475cd4af6a0ba89a821f46bd97bc6378347f8e2ed7af8a14e07bd6d60854efbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\sessionstore-backups\recovery.jsonlz4

MD5 71bc67b7e5796084c9028e73ede195ce
SHA1 e12d971905e0e99c649e59b661a37d7bb0e40300
SHA256 d930caef6712a991a47ae70c5c82dce4d14284cb0fad20d2f7440980fa0befa8
SHA512 3101c548ab5a5a2e16319fb0920aa2226ed9849c58b16a2d8b89f0bf23387a83041dce9b322a42c2dc3fd5c75e2005c4639399a7612f4ff7e950b4a90752f5da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e410fab761e06d6c9079ef2ba90deb39
SHA1 d85cc0632929356db5d9f86eb9bebd9fcc92ab40
SHA256 5fac0a2147972ed89148166f790cdbd3849009e7c5a8e91550ba92108338d965
SHA512 c85ec0d618f3ad5ec83ace2ae6c38f5ec513d8ecbcce44e5211bf6e608b57803892eec0d8a99e227764d93101a8ad4f165f89dfd551f36905d199c3ba249e9be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad2f2e166ef0cfc7108ca9d5dffae987
SHA1 63ee467ef895c5eb319470c414ceebd9a4a5ed4e
SHA256 caa3133afe7ad1dd7a21344485a9809df018491c4efcb692bd989f4770787ff2
SHA512 1b79058b4fc985525f937eee82c27680c9fb1b6d8fba82299914191687ca55a6f3b687b2f32a896ee7bbcfac89ef18222d2efe47081ff6eee92e901f620d75e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\203e54b3-344d-4081-a17b-3305554e1499.tmp

MD5 6dc33fe3cba2f91347360a19eaffb74d
SHA1 9e67cba00c82c62396eefcad8de8732fd34061ec
SHA256 15e5d992741981abc276253353381d9d2b1651ee9a1a09b76f8aa6772732479f
SHA512 cde0015d6291ab1928d82f2b8c6019e1111991628d4987d9a54453961e0477d71fec875b4a9a757e6650af8556e3042d29dad3aae345ffd744871308085296c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ae9924c2992dd5e7d1db941db57d6305
SHA1 78984b5e23c6b5eda15a53a49be544a5937e51ae
SHA256 66bbdb48af66c152b28131c48386fd072b43228338e62d146965ba535b80e474
SHA512 f71a9347be904d807dd9a6b8d2525482e6c94074afb9c89e4b98409157525b078f15fbf75a2d09d69a9533553960a7d9b362ab2f784aa3259b85c4313f810c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08dd1e1dc3ae326cb7813d6bdfd2c4d0
SHA1 eb3185bf08bf9d0467e504542508b278273de7d6
SHA256 3bc6cacef09115be7a684a46332f72c76149e0981e493037911ea16987ae90be
SHA512 01679c5f5a45a25d5d21c0849e4106e06a222518551fe52fc247b0430da2109e5486b2a6d5c0174264ce442e5505e66a926c7dc86d5b87fcd9543aa1a1aee2f5

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 05e48cfd1ae06f7f024609d62d395317
SHA1 21aafcf9482c97536a6e3eebd53b22a0113414ff
SHA256 3b0c419023666b9ae2975387d97a499cf2f373e336b60e7b019e2dd28362041f
SHA512 e83dbbfad81baac262a1805e62d7e9c1c344b6bf71f87ee2a00947f98554d1f53025215e5f2a860e41e70ba7385cd247c651658588ca635c70fb2a606fd710ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 889ba14e857a7f162154c6c5cc91b02a
SHA1 363e8faa3fe5ef59cc392ea5bca9fee0f9ca31b7
SHA256 8d79f24d9dbac9b24ccfdd0df47b16d8c05c0bffe563249ff141210443b2234c
SHA512 82e429fa93c691954a086ee2fd5df8b7522caa57a4df0e60f8b0e27a02a12120bc235e247fa2047188245cac618c5e3d17c3f6edfd75c3bee12061cb69f5b815

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h7xcgubt.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 377b47552681fb74d3c5be4b65ec5894
SHA1 2fc03582b6540a84f4416367afd20afb4526f5b3
SHA256 7c6e8e163f90f3d3aa4caad8561c40cb1f4050e45c72431eca29231951bbe8bb
SHA512 ceb230ce33311ef99b731d2bb0d12c25e48b2178230a327e918894f72aa771f5368431fe91f547a39c95fdc6469b50226adeff10c6ef83b713b0496c662dc6d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7a24c0071dd9ff0d5b6b999605eeea51
SHA1 cd2fc83224ad77fb142b2eebc5082a734ce9483f
SHA256 f8ec828d717699999c7ba725b63c90b6314d02a1dd90e5994b602e5da88ae303
SHA512 ca0cb8dc214e5a5425c115d661ca6fb79575c5b46e2630c16925165a4ca2361e606f0cbe9a323ef63cf873258aadcabb332912a8a5d6ede7d889fde4298f639f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25543666eae6a4628b47842226599b23
SHA1 d53a0d2e2e7026d01293125acda5fed8fc697a77
SHA256 167de11ad1506967df245d8baefbd31cecc72be3f338991c8e8976a000c64252
SHA512 b61fac08664bd962c5d7e1c32427ddee98a2c61ee62e0d1bf4af0da5f711d7fcdf150de961b605611147aa9e3c500a967050c176867098f7df3e21c4e9bbe318

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 04ac544ff2b8969497e11b742b3c34f9
SHA1 7b6a91e320028c716cf0fe201f2ed54e22d3d462
SHA256 08b65205c9d77836dea169bd9ae8b3849f6ac7f9d68b044be21eca8d1a0f6c85
SHA512 e398234298d08328a1dd7e27f174c96484f40002545ded7dd22a374b8432352fe2ea05b598c66c3bd297cd3a10dcde7094185cc4e31884999345aa6b6c0ee426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2c882cf207d5127130eb62ce52741daa
SHA1 f341cffd5aaa0c31ef7724fd7e5656790e918fdc
SHA256 93c9cb3e7ff85431707ca7ba4c9f30775844d4fb8a83986089cd5b0063c8e5a1
SHA512 49898633b02f25437f72d52b0f7b839fe62325becf27f86bef372281031e9bf4abad7c962d25b2e7a1b2634067d15a74103b5bc9b66dd0ee7eb585b54f0c5759

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1d7402e34fe75db6ee1788453b3d7191
SHA1 c7de1837b746974ce66a5d5ad7d06ebf259575fa
SHA256 65a1776a15517cdc990f88b66f7bd937475d550ed6958f4b5eb27e5d0ed2232f
SHA512 1962505afb5f7768e696970c866e5bca86ec0b6f505285d0df726d0f51812e2363f6722d189e3484c7bcaa7f69c9b45d5e50a8ee99f64615a1818cb93cfdd48c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d14cc52009253a7261536a3b777fabce
SHA1 3d06e7dd9714394a7d56942d3de156b93692897d
SHA256 4b4b61a5a56562843b5a93f841a79bbdfadbefd33db7a7476f557b019feae3fd
SHA512 a5b39732b5d6bd605bf8a620e6bf82d4fdc355de2d04f888ceae51ce46ac44818c13b1efd0a4288c9181e757cb02df7cf9303e19dc63e7a2c0b94df18eb53550