Malware Analysis Report

2024-11-16 15:45

Sample ID 240218-31b6safg4z
Target 1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4
SHA256 1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file 1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-18 23:58

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-18 23:58

Reported

2024-02-19 00:03

Platform

win7-20231215-en

Max time kernel

54s

Max time network

295s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000004473b5a87fc58febafcd53ab4304fb53ae02f1f614987bbaa52ec65429b9cb90000000000e800000000200002000000079a2bc5490efdaa5cd1f96f638d2d63d3fdd2a2cf50dec2ea2322facd9f50aa8200000008f030d522000bb16d79afd50044ec72ddb469b132d8d2fa60b7731afe0b804fd40000000498ed2fb41deb6ced2b54c54550bbe35a256c17bd440e405971b856c0acd8fb37a194c384f371a4aa2b4033f1f70950c56a5d46966a6152ea966b02dea10d7fc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000c5373c662da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2276 wrote to memory of 1296 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2244 wrote to memory of 2972 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2456 wrote to memory of 2592 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2472 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1704 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1920 wrote to memory of 2196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3048 wrote to memory of 1988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2500 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1704 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2016 wrote to memory of 2908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe

"C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6609758,0x7fef6609768,0x7fef6609778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6609758,0x7fef6609768,0x7fef6609778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6609758,0x7fef6609768,0x7fef6609778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.1972950737\126726953" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {914bbc16-ebbf-4e44-877f-d8d983425401} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1292 60c4158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.907770877\1783240307" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f261b2e-81d9-4eba-b592-277131b38496} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1536 54eb258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1896 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1888 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.1695334843\670601615" -childID 1 -isForBrowser -prefsHandle 2184 -prefMapHandle 2200 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e95159a-2a14-4a01-b474-bee78cc9b8d3} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2176 18f88558 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.1541266031\14485444" -childID 2 -isForBrowser -prefsHandle 2640 -prefMapHandle 2636 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dda93800-5ac8-4693-8268-debd9dd2d066} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2652 d5b258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1296 --field-trial-handle=1412,i,6912756454159378850,12190689987463821298,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1412,i,6912756454159378850,12190689987463821298,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2780 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1396,i,8083260101782114763,9831005211496829847,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2960 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1356 --field-trial-handle=1396,i,8083260101782114763,9831005211496829847,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.1555797690\128638531" -childID 3 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8037dd8e-3c28-4c4a-a8d4-af454b7c1595} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3584 1b95fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.1853440589\225382852" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3700 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64d07d45-c54b-48c0-a60d-a75036615dcc} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3688 1f018e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3548 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.91931838\1826055030" -childID 5 -isForBrowser -prefsHandle 3604 -prefMapHandle 3672 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {851ae3a2-288a-49ad-aa7d-e9f8013e3063} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3804 1c5d0a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3580 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1744 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.7.321632206\993974760" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4104 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e614bd30-61eb-4df7-9be6-768ebe97c051} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3604 2017e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.8.174468511\1437584863" -childID 7 -isForBrowser -prefsHandle 4224 -prefMapHandle 4228 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bf6ee66-0eb2-44d2-8e79-68e12b2f7e27} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4216 20284858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.9.192072968\1065290461" -parentBuildID 20221007134813 -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2460b405-8faa-4bec-a54a-c1099952089e} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4140 14243858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.10.289597975\1360547320" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4824 -prefMapHandle 4828 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69f0ca2b-ea83-460c-85a4-120126b8ec5c} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4804 1b16b458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.11.474955567\1823478444" -childID 8 -isForBrowser -prefsHandle 5004 -prefMapHandle 2636 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c15cf6f-c2f4-4b3f-acf2-16418ba73ea6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5028 d68458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2896 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2016 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1396,i,16416548295917816119,14238344025932941823,131072 /prefetch:8

Network


Files

SHA1 af71dc8f531ee2d30f83b4add6aa2ecc1e5f50c6
SHA256 0021354655e25ff150b8a689387f052bd07472907937a96b7e0c931c6c5908ef
SHA512 422691dd140be14fec8b486dfb308ae07c1c76d42b979c20dad2a638781b557bba7d22bc8325a31546cb6d4bae8f62eb892270d2a4dead351b0f0f7d74a1f5c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\15\{7ea73c0d-e368-4dd6-898d-42ab8ebfb60f}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\idb\841677099yCt7-%iCt7-%r9ebsdpeo.sqlite

MD5 b6de9134a0ec6c85b308c5b5aa2e3cb8
SHA1 845086a22cea5e09dffc6365163fff7f32ab1579
SHA256 8e2075bc59142278c608bf9d30f755cfa7007dd64ba376c38177e32e6d30c33a
SHA512 9c7c0107a88d994a894577477c5e473e1286d2cdf4c07a2b0078c3cb31114f53c811876fe2b0917f600e424c9f7d3fbfb25ef9ef9cc32b08d4bee7d7ed60df92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bbc6e91959185cd360c002e736ecb8ee
SHA1 044ad29df3fadc634658d290825562c6084c3d7e
SHA256 1ddd486d983e91addb9de8348d590a00cd791058031d5efc88dd19d2e4328924
SHA512 1b4af5e88e90c3d0c2b698772665ac4b777c1e95f31dff08fb5c3ae988ed5674bbcbdc8da51d6bd45f4e4e245596b93944068eb6dbb49cd15dfc0ff384d17f5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 d3504c4932221a89e3e6dc977909d97e
SHA1 7c1520ee0ca47d4d516c12799f3dc6a3588a93a4
SHA256 9b335cc5627c63d6c58af575e7bc30516abe9a4248f6c493170d771ea4080d3b
SHA512 772acc2583aa296953c2b6f7bdc303133d4178ae5c26f9641307e37eac56a1d923980fba342fe380e3a27c508a8169fbb2f83cbae2b6d4b4794ed634a86ddfc8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7af5ecb779d1c65452f96b1f7dcd7a93
SHA1 a1eecfa969732831d17a8a53e6c0a7e8c80e4db5
SHA256 61427ac2d25cb6e8d5c55ab7bebe16e460115b3088eb7e4bf637cecfdab7df05
SHA512 75c3de411a19bfe46a09648f8f641e1159bebe514d31bc62247c9b47904e87c82f200aa843062f01a6d5ee549b197031b9573aefc91dab0617b2a11477f45133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65db67d796eb02daa64a96655fbb53cf
SHA1 6f19a5655cc548336fbdf2c332441f81570daa8b
SHA256 c5e7ee044259934012a65b9ba7dbaf42c0d32b1252c1cf7cca2a256eeb661d5b
SHA512 bab66d73e1f32bba4f01237bdb82eea69030a1aa5fc3e8169833fa341676ac8c47cd4a0f27078a3d2e7c22aa3f42a47e8b1e9fcbc20622ad810026217294ac69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84f4433580a321d27b841bca34cd22c2
SHA1 be18de41b8e5cd93efd9aee38c5b8b64f1381d02
SHA256 0fa311890efc24fbc615107d8030a212458cb75be0ad7414b5bb2222403657f2
SHA512 0c167422d7ab80d273c79e563b94282ae12ba3e1f554e87470e88e467f271ccaf1849dfd8d41015f694b38a7c150bd2a99639b3a85550c0614e1d42377e3aec5

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 b4b38b1ded70dc06efa38e1763d8c51d
SHA1 dc89bed474a6111ce34ebee70f4606bc2f02867e
SHA256 393524575409978733e3b5d58dd8c30d1939bc2f238ef09b699583f24234e16a
SHA512 e6f3d9647574b9464ab3df77f3384367d6ed864dc31c4c51a3c610b5f3665366de667ea0033a427d44ce4816a468aa97d7c23d0ba4b0dc300ec7d9455baf66fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a25ddc07c0b2f440c9c77030d677337
SHA1 58977a67c5d9f382ced0a2129babd2f860409220
SHA256 6a640762c82772e8c251fb09d6a2bce96559769bb73413f05d9b5465a2b64b93
SHA512 11bb5250088a387f4c26dd0ee6891fa34b7f1d6ca1ed9567e884f942c140d89acc03022f7394041ce859655bc0bdedeace35c021f944bcf99e5fafe22c45beee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b6d13be5f33ce32aafd0eb66820953cb
SHA1 c2d67c83c3a2d2c7ed7e4bffbb16baebb258c5de
SHA256 13be02f279b7e73a10ccd7f3012b3320829646cd8e4d2d4415f6b97c8fcd08b9
SHA512 928ba7acb4c619e2f81fa2fec8f59dfc7ba08de8b10c9322d7ab3eada0a6dde8095577191c23ee18cf7f854472d87e18ed27bfeaa803fdadb0b29c69931d4da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 07c88222c68c93a542fb6a644f5d92d4
SHA1 64cdd972102bf2ab33d8051b1130514e7adfad0e
SHA256 555c76ddb28325179f3385d286d9b1d465f31eeea7bc28a0b597f332375e83e5
SHA512 cc1b7e709ce7eb9f1752e20d9c28fd02ae7358534e2962cc5a23f23dfa981f77241ed0d107a0e1c92843c18459c96b9a655c987c046f170319aafde8898731ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a32f57975360e264330e46648c1cdabe
SHA1 1c4c6a0987164208bd4e61450d488b73ed494687
SHA256 5109ccfc0231dcf6a7656f20d8b02a51f08a5bed0eb89db520098cfd89182dd5
SHA512 f7e32e79d14f23cabba6d6230f9ee39f8b25decf04cb3c0a117f8996a16581b4fabdecdf95c7fb9bda9e2522f6683f0cccdeefd138b2f3241c3282b55d22731c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\79498C0A276821AD1523C74BC1C5780E5898BFA0

MD5 4b90a7139a4fa71d135f126c0aae5e81
SHA1 e9a5246f43f64d7de0df85a2ce3cd110ac5b0dbe
SHA256 4729afcf1740f1432780b0cd61087af71de301307be5a69dc1f9422a3e3c483e
SHA512 c408b62cc27ea42475b678f9b1e2fbeccab54baedb6ab4ef02dbc5fca2f5242675a923f6b3a921861cd20027d51c60ed8d6a3cb909f22a5a9347aa8ec413c84f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49cf26ef2d79f06b3bfed7967f95398c
SHA1 58c6d6aad20eba4e5b22a043b9bfe063262099b2
SHA256 9116f72967de911ecd086b07d9e629bcf5968424c23d933fdad296b8380cb939
SHA512 b2ffedf73be7461aa2606c3f2aa02c947ea687f1c248870b0dbad88cacd41b221b7636d127aeb1a49b4bac0e9c80b6499a1e33e5093e565a3c83a581d3ec6102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8195ea32a5a8af9aa3c58cb390a10d55
SHA1 3575bb8ad697e53b4f9688d574bfc46dc6e678e9
SHA256 b20ddfa9543a859ffd8d8866616e34386734d45e7f4f473234984dee28c42fcc
SHA512 d130677ea41e46ee83b16bd1f91b2ce9acdc3994419b5021f0bbfcddb4e10f746847bafeffbf70cffa3e7a9e87a1627f1f2581c2e2b646b1ed28c6b7ddc11338

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7feb4425672a1b9d41b9516e0a72bb58
SHA1 a94be7d7d72ffa18b785ba19e103397be297888a
SHA256 d74e8695d756cd5736dd2b96db0160871ba27713e0dd0c5928122d07e49d9295
SHA512 323cef8c9bef0985e4f2faea51f8455a9225f14d1d517d73d8f4026c575fbf91208312dec819fd14a959066cfeef7ef8238328cfa06a05ea23d618de04e18c72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14a25c5422d76f8e256fde3b9ca1539f
SHA1 aa74c295e300d9127ec96b3d2fa3fcb1fb95120d
SHA256 754d6798b06a1621785cb501914c74fff26a51ebea66e53a630bdcfed2cb9528
SHA512 cb911cf1737f53a2b5887e74d995985bc168840d16b07fb1feaeaf2c8672a537d2344ce4c6f1001354451bfb4c84127e3338282d367c3abfd9cd81d2b5b89e35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f6280ad0296be087110743488998b571
SHA1 589b848bcb281fd080d07045f9cedf569da1a05e
SHA256 d46db83ce0ddf22ce89a9c44e7d4e14bfd8a951a9030b63e57ed26dd1d360e3e
SHA512 d3cb1b1270bdea70ed2a8f77a2d09a528f85c2c81db8876f2761fa99c742c2520d579702b4e2d03fcbaf6d967c8d93aa3f5685690cdf738d7fa899b503c61bc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6af15bbcc3dffdb3213dcbd6a48389a9
SHA1 f16ba715af85aa2753e41a72a74f34bdf98f112d
SHA256 5b2775ea44d5f11dbbb98c042c035784d02ebc96a22eeb0994a4feadfa0e8a58
SHA512 1efcc855f3efc37a1554d331f46c91c4a255a75880c5c6a8e82b6864b325697043495f85ab058db89b4bc1332ee48e29824bab1ae46c1ec78681dbc1a73884bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b4b826418474c153cffa977d406c6d9
SHA1 c065e80e9a458c4a2a530498ef67b5eaa04f30a6
SHA256 abf1f6579c80ad33848563b9d2ac6750b5db5b0a134ce3d88f68489547ba72d0
SHA512 3a1fff481940785b8e459e99144671041526717291f28492da467c1d67d552a71f7e9ddc38df9eb4a3c600eb7f1464726a0a2fe8131560bc89047c565bf409ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9439bf467d2193fb849d2ac95bd262a
SHA1 e9b0540d64eb125deca134b11c799fc14386ad2d
SHA256 08d6382ab4d5ee9efab77daddcfbbe2e1fce9b21dd2109b51c1de78f119b3b1f
SHA512 842ba852024c4c8db36142ebc4907436cbfa9559ff9174c8251fa151d02749a4912d17e9046138e6011b43bb6fe227fc8c4fa8bb38531b4018397f1d0da761c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9db1a9c17172b81f9c05990119f3941a
SHA1 96e68221ef016122cd4d93710b1e116fafcc6699
SHA256 7eb5a3c0d449a262604a0acb300e38d75d33b1b7e8fe5fee7e26f5e48d2ef5f9
SHA512 7ad9679cc163b605eb82f01f5f03732cd5e26c65b1dc762a4dcb5e1f7de62c2dd680813a45cadcd6abe652e611b514ade3dcf4f1199259aa192132e111230f57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6344218317bb51d4f602faa6f74f1c12
SHA1 10b103dd10989ac7dc85f99c26eb657207a771e6
SHA256 7a1fe65cf5456b34442dbc97f9811ca70a4e2e210bbc314df964addefbcf2152
SHA512 81ebcfe8416db225274e9bfa6c4d53d3ba124460ad9d56fe0eeb34a7cd1a105ac965043d6ee4894b1ea454f3080ee1231395b1969e13053ac8b3e5fb004dabdd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5dede0672d2879c1144d9de6286f8593
SHA1 0aed65d651c693d603a3da1de28099990d06fb68
SHA256 455cceaae63808fd59d18829bdc7464055525fbae71d053f72fbf9c3caa5b588
SHA512 79a89b7d995d1801dfe586970a83673a9d5b783f0f2244a8d5d438bcc1f57baae9cd8fc4bce9df1575f7835816ff856687400464133a07c472109d331a3b5ff1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\acb0343f-3678-4f8b-b632-76142f0ccf9c.tmp

MD5 0eba6101f9883d8bd9683149ade16d54
SHA1 087b016146e877fababc22be5ad602a930567314
SHA256 925ec9462245585d30cb959a459366cea30500e4b448e54543835aded029b0d4
SHA512 1a7095e6858e69eb66eb6c6159a2b5dcc9115750b4fc608aecafa490b94a7d0a5353da2ef0e775630c9a7282ecba0f62330679961d4216480300bd4f846d31ea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9d6c00600daa70e854823cf186255160
SHA1 ff0b2361794238342ad5ef3554d1c4d9778b7528
SHA256 81abf20eb431af0fcca67f8d4b39ea198ba5310e1ab708b298c4197f21d80a16
SHA512 08a3b072f3f032573bfc3ffb0b5165c96cd5d970ac2e83611ce62b95fb0fa92df1bd0d0618bc3792de7a7962b68b3d4251397523a1ab6f4f2d3aa85ba7362403

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 669038264969d5c110356f6bd1f16138
SHA1 421290a1ef9b01f5d4d4da39d57eb8d047da91d9
SHA256 dbb820004591bceca15b5e8bc41dc6f5540c9addae231a7ae3fc11271328b426
SHA512 92bd4306993f6584f422e50f735e69efb57e870b8e28db2de3e685e210e61dbf2466831b48cda7b60de5b742234f1dc779b930bc4b10b4a17df3e032d2e536a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7877ee.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9bbce9c9265ef5d052cd0a755a169546
SHA1 5a9e97f4e9d134e58da84bfee9804f3c04da4e32
SHA256 bfc6b49e3959b7bccd400e0025c7bd0684686120e98a4b5d12145f2538b11f50
SHA512 c5d35dd9c9aa125a2ebbaab18e721e487e72163b683ae7699fc3e321e6ec1aeed377c915998af55fa991e2abe6d90ecd0ee50d0721187c7607789109571f8a89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48cbf442d67b39cb0e232d49f572012c
SHA1 708c9fa5259a28ed1c6b5feb47228ac23f25e1d9
SHA256 12341d139a248ce9244c0fc348ba3afa817773ba9109b6aab5186b9ec7c404f0
SHA512 fbab5e6465b4564cdb85179184822f83a6f3d42bc856839bac50c4dc30183f5027d5523c8be47359d0c073147a914059d7f57ca7882aefa8759b576332c73b1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5d0c0f689befbe693223b906ca53287
SHA1 c7acf134abda312560de5a83c9e72af569c979ee
SHA256 58ce3f2198a2a89c47c2e3612fb972e9c710b66cdbe4f817131254a5c3a6e081
SHA512 4dcb6a50cd12661913443d47240b30e1b17b530b56f548894739f6d442ab88df7cf6a1f3c08839ab19a491b75bd500ae538ec9d39a5109d352e997ec961d9b72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80916e1f277e44a1d3a6b543ca4b297f
SHA1 4497c63d24381318a14623d08a582823f6913d51
SHA256 864b6e528647135d903caa150016e4226e25806995caffdc8ae35235fc468ffb
SHA512 d93464621c8926439f38df0d0d12aadbdd72ce88ebe39e3f6de8a7d2da27504a69fe436e78cb43862924b46ca1266fd13525a652bfb4e734a6f1e62d1a0bfb26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dac9d26a1cf1a9c1075944438a4a2c27
SHA1 0707e311bc2c9782d25371accb804b08a5277f6a
SHA256 d99a41379ddee9d08f4f6d36ffb8956e650ec224bb5a5ed319e33b12f8fbac8b
SHA512 bd2af8018a3b9dc6e9533907ba6e655583e3bb82efd70051a3256b7c1cd3c935dc5152388f0cd6e2e3a72a4a02dac374acf9e4159c9638de5e44a44cf19f27fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 499b66dc78dc2123f559787f064a5536
SHA1 a23d745a3f2f86e03bc26ce055bd6fcd0ec8c33e
SHA256 f10e81388c69a872bdf6b89d8522dfdd9705d69b0f61b17a30c2d84583a83cb4
SHA512 096144b7f02c9792f3a8c3ed86be3f4915eebf20f305a24d9e3a7c50358ba8859a5c38cf6eaeaa60c14f52085642441b59a0f84cd2746f610120dc002cd11c5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 94b1e1630291754763ceb5a5d26013ba
SHA1 f000f60a3212a098bf6fbe7c49a33264ee1a3e14
SHA256 48540fc63b1511260bebc21b97b4ce51174ad5eef07b6409592c69f5f5f85046
SHA512 6e187677e47d532169380fbb3d403cd62d9b28abccc1d7233eb1fb7c1b27f15ce1e362284de89f794cf01fa589a861a5b576890522c9ba71017ae87dc7f5854b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 5d21e711c84d0751f6e9136f90f04f22
SHA1 0db60ae02ed9b82e5436c761e9e026240f2cb7d7
SHA256 406c47a4ddd69b22c58c0d477379b0da8c87657b4210a3fc66f0982eb4766f87
SHA512 43925737581bac306cd94c17b2a2dd7ed77c3665949f6d70e59aaa31f4b11459e051e23da2d053bba08ab2d5bf1bf9396435569ed7dd55b8822b846e82d5547f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f3d8851f22e7644708d20da9cb2125d1
SHA1 5c63a0114f67cb8b6d567e91aa954ebaeb60f8d4
SHA256 bca12d414ca312f6bf7a6be9e85eaeb399901c3d66fb7d7899c8a45278b77806
SHA512 15d64fd8ecae0a34375e8430df8e6b06c8c462d82d1c50960827a2fc3e76eab59270f823fe937f4a1575b012e9647a4dfe66667d8fdb06b02b7f9579628a53a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dc2bcdea2912eba266ee931479ca48b3
SHA1 e48c2151dbdcb92a053941b29a96852011c56c7f
SHA256 19772f030bbbcb7279a9bf68155e9c75a6caf8e70a854411de9a03fdf7536ee7
SHA512 552df492fd547a01eb17fa1bc52554cd623826352fc9290dc1ceb563b64e3af23721cafb0545f1c45d2d3d37a515e3116989b01e9a78f553dc608de543a110f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c9cd811ec61ecc602e2467ca66d69618
SHA1 27dcbedbbce42015e7e422a04ec31f9398cdd259
SHA256 936047761f0a84ecec1718c2b7cb2da035ccc9b44be2ce29d59993f1ebdf2a24
SHA512 5fcebd78ffd6ce4cb1d93bbb8acca46e6af7f3542959a44019ad9471529ac8e100f3b12714418d804e3e6ff9d69c71665679ebbc03300ee28119d5b52fbcf44b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1362bfbc70fe4f1581ccd10b872fd1c4
SHA1 eced7483c8cdf42cbc0877404129253c73154bba
SHA256 46134c5bfc7912361c491179d2f8562f29126b6b1ced3692fd3a7f2ac67a339c
SHA512 7a744e7a8310dcd18d6a52476d77e20e396e4297ab94d30e0957bbf34c634653b9e0d8c7be3740fb7ebb765ff6e60256ee5428f1b2d9c35c7a4fa5772b87f864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6dba6fd6288c5a0caa696c965ca5cfd3
SHA1 bb29204fda596d54ca629b739a8dab850e6308d0
SHA256 696134853fce5a1553d52fe1318b3a52fdc2433e291c205f648e539b7d76c198
SHA512 ca47fa00b00a3dd0b30f99df076982ba33f05fa326633298d518a4f792dc3ddccbdcd2c791d20b1f857b2b720a0c5e108d1a81107d86b071e13466c774772015

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 35a186990c8c8fb8d24a12c8dd7a8758
SHA1 5a220390863949cb41745bfd8435a802ae0e9446
SHA256 cdca0f3e5078677c67182e58ef49dd531c6c5679050239e2dfe2ae587d11adba
SHA512 df3fc95eac016a6a68f835cd7b00843899bdb9523fd5b89d734d36cbc28419fb0a69ccede5675560681136d05106af89b2c6b3853ee35078d5ebde5455cde386

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-18 23:58

Reported: 2024-02-19 00:03

Platform: win10-20240214-en

Max time kernel: 301s

Max time network: 295s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527745162268769" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0c3da261c662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 33373d62c662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = f075f0c6f862da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e1c95f6fc662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 60468876c662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2140 wrote to memory of 4728 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2140 wrote to memory of 2736 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2140 wrote to memory of 4728 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2140 wrote to memory of 2664 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5044 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5044 wrote to memory of 5580 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 776 wrote to memory of 5596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5580 wrote to memory of 5364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5044 wrote to memory of 5644 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5644 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5044 wrote to memory of 5692 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5692 wrote to memory of 5684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 5728 N/A C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5728 wrote to memory of 5736 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe

"C:\Users\Admin\AppData\Local\Temp\1c480ba56b10f0fb345d81fd755bdc287bae0f1609e63946507b845cf17feaf4.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffef4a89758,0x7ffef4a89768,0x7ffef4a89778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffef4a89758,0x7ffef4a89768,0x7ffef4a89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffef4a89758,0x7ffef4a89768,0x7ffef4a89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.0.157717965\1973881741" -parentBuildID 20221007134813 -prefsHandle 1608 -prefMapHandle 1600 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e970cbb-fd36-46a7-bd8d-5b4b8cbe38d9} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 1688 180672d8e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.1.1861552343\1031271423" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2128 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb9eb03-e9b2-46d6-b659-a185832ae218} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 2164 18066a3cb58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.2.490764495\988776495" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a7ecd63-08e3-4514-b370-fab52c97df97} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 2996 1806a9fd858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.3.470404471\334395713" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b047bea-5d57-4a32-a039-d36e3fc8675f} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 3532 1805cc5dc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1856,i,16915199285504922594,2319600291502210883,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3848 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3720 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1856,i,16915199285504922594,2319600291502210883,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1844,i,10779913418864637443,3474999064634655487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,10779913418864637443,3474999064634655487,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4684 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3984 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.6.1222439293\431931733" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {958a1452-68d9-4e81-b967-739a6fa378f8} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 4636 1806d8ccf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.5.2131348719\815335445" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b75a3ff3-d873-479d-bbb8-fcd1bf7d6271} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 4796 1806d8cc658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.4.139506214\1670624621" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4628 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2bcdc10-bb59-4097-bcb6-3c91f6c311ee} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 4668 1806d6fe858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3592 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.7.341373633\1989787507" -childID 6 -isForBrowser -prefsHandle 5312 -prefMapHandle 5300 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53020d8d-9c52-413d-9c3f-1602812e9b56} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5344 1806d2ae158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.8.665574826\526686964" -childID 7 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8daf9294-203c-4fc0-a52b-acdb22141d4a} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5460 1806d2b0258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.9.1286052629\370516129" -parentBuildID 20221007134813 -prefsHandle 5944 -prefMapHandle 5952 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15c4c1cd-9270-433f-931a-992e0273f3ac} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5908 1805cc61058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.10.1438831431\2074802164" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5968 -prefMapHandle 5980 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde17933-5da2-43cf-a503-7f0f86b40baf} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5988 1806a96a358 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3340 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.11.712103002\1287847887" -childID 8 -isForBrowser -prefsHandle 4004 -prefMapHandle 5824 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cee2c0a-84b6-4f49-9814-cbabb688e332} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 4356 1806d2ade58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1772,i,13294343145710442024,17581314675264019519,131072 /prefetch:8

Network


Files

memory/4292-0-0x000002AED6D00000-0x000002AED6D10000-memory.dmp

memory/4292-16-0x000002AED7400000-0x000002AED7410000-memory.dmp

memory/4292-35-0x000002AED72F0000-0x000002AED72F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 11e0c9eb7fbb6fc7bd847e65c727f18d
SHA1 1c2a927dc537372295ace3141734e5e7ce16c000
SHA256 15226e06a29d7daf4fb7d5178cb9272c9fd67491c676471f056672153c5436e5
SHA512 cff6d0896ca654eb960d4490d64e58ad9c4196d324b6cec7ac7087c916bb2327167da7e880507a02481fd76fcd3e092b7c6b8b1d2d437b9b7647256a41f74174

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fe072010f65b1f1b805bbfc6913987a6
SHA1 13ea6c950bcc10739492ffd87d3c195a986eaa0f
SHA256 2c90f7411b7a9bbd2ad426daaf07f8eeec34c0994130bb370cc934fc7cf57fd2
SHA512 ca21666efb1578dc04c5f99ef7ca15b8dc6b48a59f8bff2d6091bab2ae9458b89d4a9b91af70b18afccb6c3d532a840c58fa4af43b4c3119b2401d6fabcd355d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b41f4c416eacff0dff2aed7a59ba305b
SHA1 c772452cf36b45689418cda80db3a3b43ef63562
SHA256 91b943edbcd80ab4c87eddcf77db89d30b648f0aa3fd87c93d647efed53b168e
SHA512 8da165d15569099cbf388ac01cc58934d43948a59023d0a50e6e70b534cd0aec261b62cb0fc52263acd5c42ed43a85f011e056a23a254c0fdd8340cfbac05eb6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2f722f3a72a9fc238b944abe0ea3f61d
SHA1 d36d12f332b38a50a53fb9c8d731efedf173eeba
SHA256 9991b299ba9fec9e07758344a4cf16af2796b074d4fc845ea2c3f82495daccbf
SHA512 4d83831e0c4ac8de161f9349c583676534764c29bed1cbecf2b52830a2cfcb2afbc8c078b699ae85e954e27b0dd795560be46098c245695ca471133161db17c0

memory/2508-140-0x0000017DF87C0000-0x0000017DF87E0000-memory.dmp

memory/2508-158-0x0000017DF7E60000-0x0000017DF7E80000-memory.dmp

memory/2736-165-0x0000025F53F50000-0x0000025F53F70000-memory.dmp

memory/4728-206-0x0000018738AE0000-0x0000018738B00000-memory.dmp

memory/4728-205-0x0000018738C80000-0x0000018738C82000-memory.dmp

memory/4728-244-0x0000018738CC0000-0x0000018738CC2000-memory.dmp

memory/4728-252-0x0000018738CE0000-0x0000018738CE2000-memory.dmp

memory/2664-254-0x000001DFFCB00000-0x000001DFFCC00000-memory.dmp

memory/2736-265-0x00000260551D0000-0x00000260551D2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

memory/2736-277-0x00000260551F0000-0x00000260551F2000-memory.dmp

memory/2664-281-0x000001DFECA00000-0x000001DFECB00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 d309969474da0b566bd05f9fe48faec6
SHA1 737e5341c361c00c6a1ec63aef7eaefb4a21756f
SHA256 ae1c5845e2a6ff39f0a004945e6007a25cba92bc801ca82fe3b79e3f47e83197
SHA512 45f1ddddf162baaf7fa10030dd586200841b8ba5df0c6ff76dcb9494720e94bf7a7f41092bd0f9dae2cfb4cf0e10b528d201baaa26a1f41ddc4dfe3dfc40df92

memory/2736-295-0x0000026055450000-0x0000026055452000-memory.dmp

memory/2736-298-0x0000026055460000-0x0000026055462000-memory.dmp

memory/2736-303-0x0000026055480000-0x0000026055482000-memory.dmp

memory/4292-304-0x000002AEDCAF0000-0x000002AEDCAF1000-memory.dmp

memory/4292-301-0x000002AEDCAE0000-0x000002AEDCAE1000-memory.dmp

memory/2736-309-0x0000026055490000-0x0000026055492000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 6b5b111a9adeec7f095ac9ae49f289a2
SHA1 4ae7a1ac043be8fcc86165eeba740aedf74e0847
SHA256 1084c70f665ed3b8c8d85ab170250a73698f2e062adb027f24931248db296685
SHA512 5a0e1b7ef5f7dfeed25b3b6eabe0ee378a5074388afee65944ca829ef7dee5bf0c5347723fd93ab593dea4524cf1ef7b44687ad6590ab47ea5e480fafe1d3bd7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\53SRI63D\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/2664-377-0x000001DFFDF20000-0x000001DFFDF40000-memory.dmp

memory/2664-386-0x000001DFFDF00000-0x000001DFFDF20000-memory.dmp

memory/4728-389-0x0000018739110000-0x0000018739112000-memory.dmp

memory/2664-398-0x000001DFFE200000-0x000001DFFE300000-memory.dmp

memory/4728-385-0x0000018739A00000-0x0000018739B00000-memory.dmp

memory/4728-408-0x000001873D3C0000-0x000001873D3E0000-memory.dmp

memory/4728-411-0x000001873D3F0000-0x000001873D3F2000-memory.dmp

memory/4728-412-0x000001873DC60000-0x000001873DC80000-memory.dmp

memory/4728-420-0x000001873DC60000-0x000001873DC80000-memory.dmp

memory/2736-384-0x0000026056300000-0x0000026056400000-memory.dmp

memory/4728-382-0x000001873AB00000-0x000001873AC00000-memory.dmp

memory/4728-426-0x0000018728030000-0x0000018728032000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2VNYBBHS\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 f47945677ad3465649e7ce311f15fd93
SHA1 ba8299e0ee6f6013eecf42044a02fc0303f256d6
SHA256 9ce39de5a8286ea8c83a5c1b2a1dc3b33387d8391aa476c7b64d9c121fd0c00a
SHA512 d9f97a46e7a122bed0a9197e463cd56cfa31d73952bc93b18a934a8a5dfb9c347d47c617a8df16712eacee2e2ca21d593aa4fb89d0778f8d0cc405145a796fca

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2Z72VM38\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\7g6r8kq\imagestore.dat

MD5 eb224ca5178da0c166294e5d23a44450
SHA1 c37a80487751f3352efc44342c18be9094c2d11b
SHA256 98478d9aa81147e0806196bfebdaf8da20267153dc56eb2ebbecc08da8f5942b
SHA512 b6478d9cd9d60628738e3ab459605d3205a01e2fa74ed45ffe8ad4fbb13054f1c9ee04a97525f8f1368cd78b8545a587b6c8b12a2be5119d7f166f1f01020525

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TJRLQCK2\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BSKK2FJ9\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FTYT0N9R\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BSKK2FJ9\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VKRLQIF1\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FTYT0N9R\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Y5A3WZP\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Y5A3WZP\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BSKK2FJ9\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Y5A3WZP\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Y5A3WZP\desktop_polymer[1].js

MD5 69998e173b8c146479488bd8d7fbfab3
SHA1 d343051522769f5c16586f6a67e045d830433597
SHA256 cc3eeb6e34a2db5a5b28937da61f6eb2bb56b0dd2eb1e26d0edf2f97450c41f2
SHA512 9c37ef552bec6e3d0133ad1a38ca422f2bc35aa0361215ad73d6244b8087761859f7f02202f2e119aa260dff60941caa48a3a818693952e2290408b1342cd979

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FTYT0N9R\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VKRLQIF1\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Y5A3WZP\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VKRLQIF1\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_776_HIUHOIUPAMZCRBFK

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\datareporting\glean\pending_pings\cb0d28b6-6977-4c8b-a86b-869db6181e0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\datareporting\glean\pending_pings\6770a399-35cc-40d7-b40e-bb3ce13264e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\99f4ded3-2cde-4b55-9f79-6310d26f5ffe.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\storage\default\https+++www.youtube.com\cache\morgue\243\{75a66494-2900-46c4-828b-8c09aeb3fef3}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\storage\default\https+++www.youtube.com\idb\2117193561yCt7-%iCt7-%rbe3s9p0o.sqlite

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7GOHCEZ2\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583dcf.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\storage\default\https+++www.youtube.com\cache\morgue\106\{9987f746-8692-4f9a-af43-24a13cadf26a}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\storage\default\https+++www.youtube.com\cache\morgue\77\{9d103e82-b32f-487c-81bf-7e4bf3bc204d}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588c5d.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TY1PTP3U\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b6b7wqyr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
