Malware Analysis Report

2024-11-16 15:45

Sample ID 240218-31hcssfg5t
Target 2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89
SHA256 2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89
Tags google phishing
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Analysis: static1

Detonation Overview

Reported

2024-02-18 23:58

Signatures

AutoIT Executable

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-18 23:58

Reported

2024-02-19 00:03

Platform

win10-20240214-en

Max time kernel

299s

Max time network

285s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1380226425-3283293370-545244236-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1380226425-3283293370-545244236-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1380226425-3283293370-545244236-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527743544307768" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4800 wrote to memory of 2980 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4800 wrote to memory of 2736 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4800 wrote to memory of 4260 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4800 wrote to memory of 5832 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 212 wrote to memory of 6004 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 212 wrote to memory of 6084 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 212 wrote to memory of 6096 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6004 wrote to memory of 6112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6084 wrote to memory of 6128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6096 wrote to memory of 6132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 212 wrote to memory of 6124 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6124 wrote to memory of 5172 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 212 wrote to memory of 5188 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 212 wrote to memory of 5176 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5176 wrote to memory of 5228 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe

"C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffb35a09758,0x7ffb35a09768,0x7ffb35a09778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb35a09758,0x7ffb35a09768,0x7ffb35a09778


Network


Files

memory/4840-0-0x0000022652520000-0x0000022652530000-memory.dmp

memory/4840-16-0x0000022652D00000-0x0000022652D10000-memory.dmp

memory/4840-35-0x00000226517E0000-0x00000226517E2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ab792caa051f8e9380d291508584430e
SHA1 1f2f01c78a5a441a3aa86e1b00dd2078bf9332a4
SHA256 05b1206d935d65a523e247564ddc874b0a9e51a8c2b3e670ec604de5010c4c6c
SHA512 ada4b61dad3071fe39c1c8b1065306092fbe9d90ea3ef3a571ad9b27bee3162c62cb176ce04c2f7554606a6f695cbca72e298bf8f9686446994c6e734eaf3492

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 38214bd8ab8dff038f0d9aaf9d62593b
SHA1 61f4dae3ab96930be4293a54ce54fa455226e267
SHA256 7549d68f8e6c11500a8754ab35bee32ca45cb91e136ccc86508608711af6d576
SHA512 0db6a0a3cc694bf0bc3473f678c7320885c78c0da018ec0510adfe5ada9001bf0b261b97bb95369a73812e927a462c2eb1fd2f4f2c2aea8e2904b4a48c6d873f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f16d48057d5e88870db708dc5dc806d5
SHA1 223cd0a7a25fb071ca181e28a2a893140b3b9a23
SHA256 269909db7305f1c16fd4492294c3461db817d5d2a19c890f4e143378790d9e42
SHA512 cd76897a12f4f63e51f9be2fbcd0e2bfb7d6632358efe4077e3c859d82e23e59a98df21ea323adc1d00d6cfff274216c1655da480a33ee178cf3f58de4901807

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YGW1X44U\9lb1g1kp916tat669q9r5g2kz[1].ico

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FL3TPHEW\accounts.google[1].xml

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O6O4Y4DM\4Kv5U5b1o3f[1].png

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\zuex3k9\imagestore.dat

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KTLYRBGG\favicon[2].ico

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\web-animations-next-lite.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\intersection-observer.min[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UYCEK1LL\webcomponents-ce-sd[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BFYYPKFS\scheduler[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UYCEK1LL\www-i18n-constants[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BFYYPKFS\network[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JW7262ID\www-tampering[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BFYYPKFS\spf[1].js

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UYCEK1LL\css2[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UYCEK1LL\www-main-desktop-home-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\www-onepick[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\www-main-desktop-watch-page-skeleton[1].css

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A8PY1EDG\desktop_polymer[1].js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

\??\pipe\crashpad_6084_IDQUEZYFGZBSMQSI

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\pending_pings\4be41026-4779-4dbe-ac42-e74ac79b15e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\pending_pings\ef11c2b3-b7b3-4fd6-8415-702169c3c663

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\171b3484-f324-4faa-89cb-1a5c632357c5.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\cache\morgue\246\{827a035b-9481-4fcc-8245-6100c6c54ef6}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\idb\382115963yCt7-%iCt7-%r5e8sdpbo.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57fadb.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir6004_1301053045\Shortcuts Menu Icons\Monochrome\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JVDIEK69\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5850ea.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0QLZFZI0\suggestions[1].en-US

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\C01425A73E10884AEF7072E5F96EAC6DE8E38E78


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\A858259C15269B8488E8006F0D0609FF19960C81


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\E76FD7CD12C9FF691C8EBCE71B3F71D1A3DE1AAE


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\03658C4EDAC1F91F015B90400D1BEBB97C097333


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\BF82884BFDEB030A321F706507399E7727CD350D


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\683CA43433CEFCC5CC18B5213DE25553D89C3D65


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\212943DB0F1CBD6F3B5EA0D484B83361DD1A20DF


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\xulstore.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\targeting.snapshot.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionCheckpoints.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\broadcast-listeners.json


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-18 23:58

Reported

2024-02-19 00:03

Platform

win7-20231215-en

Max time kernel

55s

Max time network

273s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A57025B1-CEB9-11EE-A5E0-76D8C56D161B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A572AE21-CEB9-11EE-A5E0-76D8C56D161B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dafe7ac662da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1944 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1944 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1944 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1944 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3068 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2088 wrote to memory of 664 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2676 wrote to memory of 2604 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2736 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1944 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2992 wrote to memory of 1600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1628 wrote to memory of 2164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2832 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe

"C:\Users\Admin\AppData\Local\Temp\2bb36620acf15261962936d9d55b31e3afdc63061ff2259353deaebe3ee5fe89.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.0.1345809967\1253160382" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1176 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cfe742f-d674-47ad-8f05-50022ac28185} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 1320 101f0e58 gpu

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1152,i,10806776370388237050,15954102552075268869,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1308,i,10957605691271056521,11618009765529613903,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1152,i,10806776370388237050,15954102552075268869,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2772 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1308,i,10957605691271056521,11618009765529613903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2888 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.1.1132608334\1654776143" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9979f73-ec07-4f86-b406-e332bb66cda5} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 1500 d71958 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.2.465628455\1517922926" -childID 1 -isForBrowser -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a6ead1b-38ca-48f1-99d3-0eeb722ca007} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 2220 19493a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3224 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.3.345725568\247765121" -childID 2 -isForBrowser -prefsHandle 2288 -prefMapHandle 2304 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f1e8f6-bb76-47a5-a737-2c8f80664a4a} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 1804 1c254958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.4.1048227004\1525326565" -childID 3 -isForBrowser -prefsHandle 3444 -prefMapHandle 3448 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07a3baec-2b60-4541-bd23-c791d63c0126} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 3260 1b9f0c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.6.404685785\1866456756" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {081ba187-5c55-45fa-95ad-e9f6910ba7f6} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 3848 1ef69a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.5.1022549029\907444177" -childID 4 -isForBrowser -prefsHandle 3712 -prefMapHandle 3716 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {272a5604-f0a9-4ee4-9246-4e13c3a484fc} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 3700 1d9e3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.8.690600558\687449258" -childID 7 -isForBrowser -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65bf0e5b-9d3f-4eaf-943b-56b2d3e7df4e} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4288 20de2d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.7.1248469190\186685172" -childID 6 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a557de-bbd2-4a74-8fe0-6df8fa80ff00} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4192 1ebbb558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4244 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.9.1610394655\1868577874" -parentBuildID 20221007134813 -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d836815-347a-4c61-92ec-002b3c1329e5} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4640 22aeec58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.10.424047116\1852346633" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3967f26-5ce8-4a82-a138-74f586a5f0c2} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4756 22bedb58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4344 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.11.1277872769\1993481111" -childID 8 -isForBrowser -prefsHandle 4964 -prefMapHandle 5040 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0dd57d1-ad9c-4d1c-a2b3-8e154a2a70c1} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4980 21ef8758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1296,i,3853030306121485436,18428870500930889884,131072 /prefetch:8

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21e363568c7cf2ff0ad9e7775a8b83be
SHA1 7b44fd7cba208d7cb6ab07a4f6bf3cee7fdfa3db
SHA256 bc09804c468c3603f2f65cb3000881a70057582be195bfc59462b5e04c3b7600
SHA512 da16814496dccce91a3756c76b3e1ff15b306d0ad3ebae0da36e8266572c009fa67659eb2113bbf474d7e2ac4f6eded38cd3c3ae253805e183b5261443bf22df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33bb33d7dac23390c903b2b01e73aa3d
SHA1 167dce27f3f8816711fdb044baea8f4bb6396944
SHA256 4986aa3b97e41138440a8cc7ec0457cc1aa1c47e29efb8221e1eda34d136e578
SHA512 de564a57d50594503a7f2db5a251f5778a5350ee9a554c31e974cd78a704f6abbb13b24c752af53846db43b6b72ed792ae161ca74c8ead7c56ea783cc8a3c19c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c6633fe42f3353deb76096417ffcd9b
SHA1 ee341b9a4bc0244b79223846f4de986f2e032a0b
SHA256 323653a63e6066e9247b6b1b4a4dd388839d13466b75a66237b7f531205371cf
SHA512 0731447d3b995d7698e830777bdce864979eb3f4bf3bcfb1b0f474ef2d6a10af73f120b87ca081601a34970d6c460e0c53294fced55efe8a1baec792b2b6a7fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac08b1bc03d7eb0331432cfcfda157ff
SHA1 9c90800d574b0f28b0906a925a78e1a4aeb67f52
SHA256 8595330af043db23f37c7ecb0dede7c9be5829e478f5fb9b99870bbb55625fd6
SHA512 e4347216430f965f78786c7bd167dbfeb1b809786af17be716b1aba4044b0117f3232436c2410a2ce41586014309cf193c2215e5930bed6236d71afc53aada7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64ce4e5369e88939a3c5046a9a0e19f8
SHA1 8e994aa01ccd592766c0dd42f991913310477a53
SHA256 c2ff6b68356e669ded8b5e478b510384fb52ce3f311d0982a2bfd90a8d9c3a1a
SHA512 5ae65ec426ddd08808258186712ef73b6a5b949edff8c98f8dc0eb9f24a782699167e3112fb7c02ff9b8b1b9da909c30af7ce30f87e0b483bd57f3eb8482d26e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fed410cb9fbc6b08e91f9fec1dac5cbd
SHA1 9bf2a7e318f1b5f76e94ae32bf5804c2107cca27
SHA256 60d8f5663a613701a0f41d780b995b8f7473deaab936e2f1b32bb2d36ca488d5
SHA512 3eae60816628307bd4a322dd1f5e003b2543f717e249f53ebbd2e73a0713cb115300b5ca0c0342146a84920282ba7b016b87d1c6831693378205ef952134e17a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c7c2e850ff3ef70ab8222b9ac4d65d3
SHA1 945b238ac1abe3f610555e1b019db31c62fb798d
SHA256 4bf7c8a3ba943412f74f683f66c93a81e2f204f19478680c12f20913e2673022
SHA512 ad5ca7788b01e08c1f4d67b885a40a0661b4ab5bf72f3ddef853cec5777778e8672abdf832bf525a078dac87c94efdb27fa052f857a3af1ceb0998a9346b3c39

memory/1944-901-0x00000000009E0000-0x00000000009E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6664877f87a0f00a2ddeff4f3c4fb482
SHA1 2b63c85ab24903e01fc46deef1329e2ca07fafd1
SHA256 c802fef97b5b8677af9c4e7c55ee296543878fd972aa3c5a0455f088adab73ff
SHA512 3ee4cfb19cd3c1739237e6fd744903ca0788f749719f924af2db0d19cbb036989d34e534387f90232dee3a22955e4d1de1d784a12e0aeeeb17902aabb60dbed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1628_CAQKLMBFVQZOITHV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\91ab3ae0-2bdb-4e4c-b1bf-9bc78fe9169d.tmp

MD5 5ecfd9853e8408e97e1a4987c95fd90a
SHA1 912a01c737d605be631e3177f393bd2e47529293
SHA256 e3308430cbf3f06d8d8a8d53639ca6ed3d099b8c8cb6aa67ab50c77c8617ba54
SHA512 1c9a7e4f04eff5324ce206db1fa20a6df9481ccb4d320fe9d163278f31ec85affaf1734d6dbdc2d3f6f20006c0bac5c5500e3531eb0475290ec40dd33e61ba22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\aafa54a0-7bbc-480a-8819-41fa968dd718.tmp

MD5 fdb4d7d4d665eb08b83b5b7e60802e78
SHA1 6d0e071903007de277b51023e7eaf4ccf8199f04
SHA256 a05cd551561e7dc868e52a977751a49f60861b065211535d75c287eb5fd71bb1
SHA512 802180ba983c86b9d99b4b79f9d19d6be3f86e857311995a92e49075b92f87208eb0103353386ad2d0134bc8420f813a825079cd6ef04c71f0d3e1b56014815d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 1a1250af265e91009d758b5191c4abd3
SHA1 3db0731f8581aa58ea4b0aa0ae5881b94fcb3ad2
SHA256 cf6ffc34998a823b5e737d496960f24ab4f03b7e3ae2db2f08d589a8781d6732
SHA512 9c0f3c31ffe4927db483f6a14038fa5931b84ab4646055f2719c094dc6ec900623aae40dfb5e625055d5cf30ef36eaccd33985d175c51ce10d63f658113f8a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 41723617c7cc6a9b945a2784edfbb614
SHA1 e21fddf97de22ab5b4d60ccc2d71f932a6a9008b
SHA256 0cfff88bd1a5aecca3e3e9a8e2f41178e0523dcb1e89298ea4a98da9bedff507
SHA512 b1497b7f77d7609d4be2b11e0884e71ef53c8011c3715f2583bee40f34ed3a8f21498301cb0a083922d3ebd9d01c23178ac26de81a71cd78400ed3d801e3cd5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 0c775cdab0b027ad439761a5ddefdcc6
SHA1 99d26fdde922ccdab7dd6a01b8f35930d574f274
SHA256 fc1dc11221e57a97c4544568eeb3d4fdeceb386c8a945bd7e33bab0c375f291c
SHA512 a595bb229d1ea6d58494ad30283310b0e6da964f22404e1c9bfc89c22b79196600808cba0ac4a6988c05734a71ceaf1c6726109165dc55c1021626a445e9551f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 77356cd789adcef59151613cfe8ef4e2
SHA1 b30096fb7678b89057bded4064544be04ceeae22
SHA256 29bf0bf3058bf9a3f71a7c942adb95aa9ab0d8e1fd0b16cafba28cee910a6ec6
SHA512 4bab02f9ec779f4104a2c18a8730746db63ad1ce231911f8f2adbc1b305cc1813e395f67a8ceadf25eff01a228ca280bbc06a1d611298cb34266e14acaccc678

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 6a47e9f4403f2705c49cfd40103890df
SHA1 e071dc95bae2c759f0a3f76f96bcd8ab7d836ee8
SHA256 24b2725f8a5dc139f681d67d9ed908f0ba74b91e09e968064544509819d1f49e
SHA512 0343ae0d01d1c755f0e79c12f23e4ca2222ca830749a5bc99b7638d29dada8e8db1f0f4695c3947539b0d90b3a96874b2a8ba9dea5c07a6953529fc340bd4804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 9f6aa8a0886bbdfd18f5cedbcb7772da
SHA1 01ead72648a0ca4bc8f363946ebfe7a5bff7a146
SHA256 97df3fa25e4027a19d0a211dbdf44b72c96188aba7e4f9f60b5b5bc4ef05cdfa
SHA512 73c795e1021b4947972686068a778d9560231bbb104396a1ba829f4a2240aea296f540ee2f56143f56cd30e969f7d5743cde7ad60ddaa663d427c5c6c54d7162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 ecfc569be6c12782df8306b2884ae95f
SHA1 79f64a2c638ce3cfcbfb8a24e1653b7bd657daf1
SHA256 05d5af8386384f0fc536914a47eadb1bd93549be2948e8426b4b126cbb457d2f
SHA512 7d420da08a8de143b996ba116698ead7874ddcbcfe17039c8cb939e5eef2974f33430cc695123596703abb2370a34004024cfeb32e1253a55c6cc5191225ab46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 5a250e3d0a5e3e5ccbf2f2724cf8a75f
SHA1 c93ab9558806d8564396f0cbc3a5f072267d2eb2
SHA256 625c97d5e3bdbe72813933ec83f1971a23935f2fb517f660421c283abb63fe65
SHA512 d1cc727459642b8525e9ec195bf15dc92daf4b4734e61d218fd3cf2253b2f2de9489d80ca025096acf4b1bdb131b0321ec51017ccdf5fa65a1d34a6b0a4915f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\f88c6e76-61da-44f2-8e8c-38f51bb1afac

MD5 af4ba88585d14426860e2dc8a1b3756a
SHA1 b653bee388d82d7c80a41113c6cfbd3a1cf605ce
SHA256 00989a8a93c62eb4fba7bfaae56609c6e2e657134a0ad6cc02bc3ce62fe065cf
SHA512 1bbad8da1df9efce6f871a608dde558e8ba12664912722accfbd360bfa3df921723abb1a2f6f653e228f186a8df17d2badce578f902e737f31a5827c6ccdec14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\c1f85592-b266-4b54-acdb-504e69e5f0bf

MD5 61779a438ce947bc400a01899daa175f
SHA1 8cec59d70a9a9013efcc882db81a8714c79089f0
SHA256 6f09cd68e70bfa3ba2ca90fbb22e55f862670140231a5a97c3d4ab435a917c36
SHA512 41b93501acc7e6510c8ebc5753ab37db06843bf408bf6188e844f4d5130a2543fcc9ce2285f35e284545628dfa673256e6b3965268675278312ef7b05c2c5dfd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 eb96ddd69a8192392789856ac020be11
SHA1 7f9248f4918da400e77a0c40bd00c7710f92b704
SHA256 64dcc946a58ab521c26c20b246a8bac4276a99d3d9edcf82a75e29a90c2a739c
SHA512 84c1a7aeedbd7e9d6ec2cef641dcc39f4f991188d64a10dca060d796d5d30226db0655e178bfd630527d62baead4402e19631d9a73a876052586aea012baa69a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 61e83be2f70fc7656ed422cf4b048514
SHA1 659f095baaf1ecc3a9de731110c5879ecf750a92
SHA256 f4620a2892b7070c98daf47256330fe499584c8b97b0b5d3f90cdf63fb78948e
SHA512 e8645aae8419118edb61224c85fd218f383e4c6dc942e5f82d73fe4b46d6d218445c07023215e426706ddf006606bf04142e04f4c72de019a6c2404dd2a38abd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 07ff38ed48a1b6a2923483a54d2013e3
SHA1 970af19e675d41b9a6cdbf2eef6776e053e35359
SHA256 87016d13b60d3a2bb49272ec7fb7f2c38b7a5b2aad912dd0e049a00c6dc17069
SHA512 52f3dc0ada915d7b36264a38832be619f7a78fff3863bcb2f3fb9715733025fd7f95e5fc8f7dd6e5fddf2e6e3cc04e321d331f0db071d7852fe3d3aff8213fde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769e13.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{8c6d51c8-f56f-4acb-8255-6171453ecf14}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8411a078075eae0b7d2d0dfb5703d0b0
SHA1 d501b214fbfe04833586795eb4e5161f65292b0b
SHA256 543b457b9829facafa977e2c7e0c06357d158a198296dfc6c889ecc7a3de9008
SHA512 24f95dc27024d97ba8fb9af94ecd2ec48d808efc1fc5eb02f633380ffcf23f169ada68e7f8d5108d7852becc701bbc31055506df2c17c48811abe5e7351fd31b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\3639349060yCt7-%iCt7-%r9e9s6peo.sqlite

MD5 e04f4438f5a1ceba5182098c296831ad
SHA1 650cbe44480c2937eba4ad9c6d6a6626cbbc7f9e
SHA256 0cbdd44bff56c8fd3f10235c62d4faebf6b05146a045e5767ec2fa3583fb042c
SHA512 fc4cb1e6f6fdb8e81e93c8aafb87b10cdb197dda4df0766276e765ec79ffea734336920c775f004e66edd12516d2ca0e1bfeaa0d9e63cec190b22c2f960b6448

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 016d1a84a8ffb3dab9a10288cbbc0c78
SHA1 9c8ae59e073e74d9c23b7ff6b06606f167079fc7
SHA256 d1a7a82772269f5d1bebbcf5a8fd9a4a03881401fb3b02dfdeb9060a7d8d86b0
SHA512 d0efd9f801ddb5ac89718ca634ce6fb91a725fd5c249dc35f750ef1b6910ef68f6d0abd3c276bf2094586d846a17c6548a20554427d1a49cc333638e3c08d010

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 aa36dbc0a24cae74f4cba17301a13a53
SHA1 278cdd47abc4e64b171083aca18a755b297ad795
SHA256 db50bffb6588e5af84599456b69ac97e59099a2006ee8b9578494349b2d4181b
SHA512 48dba1197180bca6a6f99105a8b3a9495f3a476cf314e2644d8816377fae96a917f1d9e6377cb6e82b1ba94f3c0f04de469bb908782930c3c7b49af12a13f99b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 7bf3cc1ac81fe881c2dbc695f12dd259
SHA1 e99c8e845eb3338dff17449b9f62ba2d9fde3834
SHA256 d548d631addd72703a943d72ddf3b3c2d39d0e0ea3097a5d8dc4057c78c9c04f
SHA512 a3bcb3d058fda0a293030eb4f6c8c812a7976ab1b2d21713e9c73f23bef1a9291c4dcf47cbc8b9db8d5fa7f8407534ac649e40c71dfa421f3ee938dd4ac1a4f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 a5bea9a9e17ca12a1f8e2f503a5a712a
SHA1 8a3d01a25b216e399e7389cb6a6dc55b0ead87d1
SHA256 a8d6805abc59b3a7f11187708abe38321e6b70de5040ee2d64d8ac3fb669123f
SHA512 dfc4947b1c49f2caf6095597e8395b41fd05b0d9d9869987a3634700e6f01f0947d3008b2ae6bb0c9b2ac913609551545773f9512319da5efb6cdd153ecf2a98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8327f4f7cdc9df1d19361a262933ff2a
SHA1 21a7dca12644a6e502c875ed71cc87ddd016ce0a
SHA256 96561e28c79f2f08a93417562013b601ac38de519b607293cc04687c76fe932d
SHA512 8e764e0a833f310d006da390b22cd1564af5c403e8e51bffe0eaee682721c1ae2bf3402b30405c4329971b0ff06f7ce7f4573019c1b2c696157f4d9cd844745b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a45b0c50aa1318cd484350d75ad592fe
SHA1 9c5ee25823204c5b0f1ed81e77168adfa0a132b1
SHA256 fb2e1788053addced266aae2eecac5e70fe5c0dbff3a9c1208347d2a09ab6a65
SHA512 cd1268d20af857f6f878a22b151e076cd19f54306589c30b514f142c7d6bbb3ef2332fa247bc3fb49c6217d968f91b798028308e784f4b410899fc729410e2e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 4443b6607668703dff04b2feef4507fc
SHA1 a41f22e43dea4340e435584e96a2d2e2d3f61dbd
SHA256 8480fdaab7e6614fc36497049b0f862728d46bf530606a09a2cd546b16f18bd8
SHA512 a5d1cfb2635842312bcf18a8de0426672ca414599d048a641bc807346628b2152b9b4d7014479ab5b9ca1d14224b8129dc0c6d9f4c61ea78692fd9e4287c89cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 124d3a966ee7aa9e4b5232bb736aff97
SHA1 4ab29814e445b693df1e3f8aef31942b00ba772d
SHA256 81bfc60a553935a5ad278b4849e468e08003e95c6e940a49f33da294342a8cd3
SHA512 1c5df0926f3b54820e84bd6bae0362caa38ae1116c6b03268082d7725ff36724fdc595b470daa83dae6b717866889e185cb1853973c41e656c4492c48103e80d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64b1ee4fe44a0fc40b610ce2fb316edf
SHA1 bce080f6b95e5cb0afaeb1585889a8066c236339
SHA256 9f70270caaa253a834dd47af6e0ad100aabca2f686f8489e74aa9bfe716250bc
SHA512 7692cf6fdb2078b7c5d7501afe1707d2c2c3b182eeea6afc93194deeb72f25742c9fa8d234d6474bb3d5aa648ab1daba4478bb56f03d62db25753aa0028d9728

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13d4ded799291ad266b77aed64fedd5e
SHA1 81a906b5872188ae26e3dcd1046b8c666ce8278d
SHA256 be54091e82308d5f6d6350ac8c052cde7462a43f5899c5ef960905d838c9e6d7
SHA512 b18da2027cc44a56e5d8bf3ebb5f38cdb5310b738a1f1bac2d63bc0d0dea153b8cbc01403f1762bffb8a979f30f1054f7dd480cfb707a7918d48477920066b6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6c9e0b33be47b0ff9e542d8e0efa67b5
SHA1 9764b4355f0b4f1f5f4a1ff1a04aa561e7c972a9
SHA256 bd2ae2398d369df7b4a6f8a44fbcbaf77b82bbd6e920d86fddec11e877d34f18
SHA512 c5921660fafbf720646a1f13169aed2d077e8319fcb947101a5d01c89d03c28a6844679c871c4de58057ff5e980c94460fb940ad9f6f66e5b83a680d95f5f7db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e126fd45308a93267ac6092335f36f03
SHA1 8bc32f52983ab85e5ac718eab1103d66f67b80a5
SHA256 1cfbd7e3ba0086993952e403e53007eaa26c475f047ad9c47407ce9cd6f7499e
SHA512 9cecd8ad1fb0226bdcf7865af8b7fd9d6d39f95f87fb2d1eabea5c04bfe04012cae688e01be693a1bdbd7945b9e855485f1415b452bcd622391435a7b91dcc43

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbe0d6a52b5ff9425af325d53ca7fdf3
SHA1 6594003908f44d88d9611b61d5122dcc2372b4bb
SHA256 e6b9fddeaad459d1d111e0787082cb8149578414db51cbfb6023609ffc04e289
SHA512 fc24592fa1be32ddcd02b4325922d69c5bbfccce704e27b555a8d31f0ffb56a2cdd23c227dc3fccc24c02054b8d7d87b2fb3224cd025aecd67abb3ece4d3873b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3116eb42ad80c1d1f6899ea8d0f6401a
SHA1 fb58e2be1e8c252fd0962860d1e9ce6d6dbfda74
SHA256 e04896b2adfe98c4da4a104fefd82165675ef2d372c8b7ed125eccd6d4839f5c
SHA512 a4f1c644f26885838b66c62420a02e40c9a9fa04446809a2c264e9d44fccc3965dec9c6a318c17d264824aa51a281a95c409fa2ed88cefec26329b6c4fb1e86b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\402e944b-764b-4b86-b9b8-2a4f8a036cd2.tmp

MD5 fa47aff9938e8ea174096f2b071095c6
SHA1 5d3d1e76d181458255ff668b23a38dedb2968b86
SHA256 e13ddf5883436c28d3fde092c74917ab9cf197afdf44c90913393eba232bb36c
SHA512 b9f8f2196fb7e673dbb838d0f232a4dbd62f907f1a2115e9684efe59d166502e456dd4c975107efaeb0aa5f65677f512a223ac46cc21f4f7a4c7244fa3b9891b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e9fcf6b770134e216879e5a5574fee6
SHA1 6352f32cd2d8680f341824939c1f1078cf02a222
SHA256 70ee53e922c9e501fcdb30324c7f4faa1dd5c188e83f6e81d02d30718c211498
SHA512 af6e43077657fde5bc0260e95343d50c0a67aa3e36cb4162195fd9e2f44d4ebbe82e4c4be571ae50703abd7682603feac85f9bf55ecab4354fedc77bfb535c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99c76a2be7db3a334e3de678c0a35adf
SHA1 be50f1c9a1e9d342a1e471d8d9a3356863a9bfec
SHA256 5c56a748c151be0d513fdb0dff7ef039034fd1b5800accc5f547537eb401603e
SHA512 0bc61c0f222ddd1ea2c16a5f84ce5f8c212c592789e4674a6fc0c3728985d285caefc613b49e0e2ee5dad7554cd2ba0900b12a840c0464fe2a8beb898000127c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 638ffa33dca046c16d121e6575a814ad
SHA1 0f423b941425e3de9f5111bc0265190bc98cb2c5
SHA256 4a43baee6a2e9d3f86199f52fd61883d80c2e2a4926e784eb1bdd1fa555afd7a
SHA512 5cbdc7b11dbfd910ce25bafb0b06528306826e9c83ad533380e8ffdd577e5644dd7b0fa4552471d1c1330bc5d8893856d028aa17d6a6c7540672989157e48bc3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 74099acffb0f552b590cf14f82c1f75a
SHA1 6936ba759fe4bb4fa0ac87d291a2bcd10d00214b
SHA256 9cac4cda783b97fc8b699212b81c2d53c72fef0dcb7133898e532aea8c60a6b8
SHA512 038c7b638e7094d65384091e2261f3d0631ac96da6478e0e991a96f25cc0c0805fb11b52df738e16d9e7bb0bd18cc2ed7f3435a0c142731a9715636bbb03c679

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b387eb191aa38e2a28e1b2b16e4a91a
SHA1 7ec9003d3225e9b10357d44d0fd7f198ebe0df9c
SHA256 1de54696b8f418ac8ecbed80728a3b80d85b836e180cb1318c3bcc8861b535cf
SHA512 c3547fd1df6173ea59c5511ad3006911bea1b0054bbba4442be8523dfe16259c3b55fe33033aff346fefde4a9f293d99f5873affc13efe9800243c0265dee8e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4c8c200adc66669ebc70ef929b5fb23
SHA1 ddf805ff46dc9da131f48e283f1ee3bb049ed7ae
SHA256 b6cd926d3eeedf1ed889dad0f5b885e5a1dbb102e6cb683e277a185a7ccb5836
SHA512 7c24b9d883ab3e8ce48cbc6c3d61697ba526a0f9a39f4d1cdf8236023af70017126cf70bac47a628ba522c6e9f72f17f2ce61cdd8bdcba8358591c3b791831ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9b3b8d98e0bbe9f8d8a9cc4604c1e3a
SHA1 c855a0b8f8939d2e33448368dd351503901ad3e5
SHA256 9e5daef42109c22dd681975e49690f1c525aaa7401c16e133b6a7ebd33b24c0b
SHA512 31b6839cbf5567c1f53e8e2d5ec95d199012b8d685302046b3a23f4f94f49363f0db775719afbb70de29b3d74053b78fe0f0b6634afcbfb4eb68bbe7f73f154b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 3b1ed5fdcad3b761edf318bad653146f
SHA1 b790d239f600c35e6f9d936890103ce335bd075f
SHA256 ee5be749adaca72caffece75558e1372e09e1d69115fb7eb3052da64c782ff6c
SHA512 deb247122ee0a56daa9d1473c016ec8929907bd00d1189eaad519bb2b7afd64dae7f3410884ae69246747c67970b6bdbc6f2a1b91a3956347ef785df843f7a5b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 bfb66ecf7ae463495c1ea200710c02e3
SHA1 05fcf96e99e0d006229b560fd06987693666518c
SHA256 442f2a7a1dc433d315357526bd07a1ffd6ca70d375f86aa85b9a985b9fdfa481
SHA512 c56b03e88c5d8b50a016793b6fa07c74fd531a2feaa7802512b6087c33616bf7014273ee16b12640e8f29aa64b73a87a4e6008269d61a0a73fadac128777aee7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 79770d0bb32ccd2500b240353d2ef968
SHA1 d78bac928b7d0ac83896f6e896c0b02fa8c1f14c
SHA256 8202d62193fbe7da46ef42b754f93902deeb2e99f342b76e595a39453a1f39d8
SHA512 15d45be89a73508f2eacf2a8873d589e5d8fd7dc58baceced18e65a19959053e43851eee3a310888871a6b74a30075b009da106d3ea08043de001b9789ce1f67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5420258f565a6bc14d39287be7e17df2
SHA1 c863c71135e70eec692626f57c8472bab76c9321
SHA256 5617a8e4d043b3f727e4a6ed2182686464f2bc4f41bd54f42cca6179e490dd7c
SHA512 e764bf9ae5cf720165ab6ab3435fe82f502f8037dc458b7aa37562ab3c61c426e53daf8f227db72c6bbbe32264f6e5d00fed90de98b1affb5c7548187cf99d22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d744b6e5ec96ae148bfacb1058677a05
SHA1 6ae6a53e01d16a6f6a0c3247afd65e7cafc2a12b
SHA256 94562dc09f087ccb481b5213957eeadae535b0524106e4bef159dc8490bb2a9e
SHA512 a8340f048fab37b2b5f05fc8157db2a275a66ddae447b9030ad6e8928774f92d37105543f89278f3dc1e54ddc42eefdc4c32c978a8fffcbb5435abb69bc5cd0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4a92752aa96e26599c44f42f2788904f
SHA1 b1c9b1de98600bb5953e599b1836e47f6ba10694
SHA256 c017921917a586c41dba3bf7f29c1bd574b128246b843e23bf789d5984972410
SHA512 d257fb59110bcf46954e5f9ff7c2edc5f7d93ab7da7bbc5cbdfba6d3502e9182ce8e5a7e1d46fd16e377e57d131a15d6dea14cfa42d34543d49404899fe06341

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 820a0c9630460d86879b14526bd85113
SHA1 d46d333fd3cfe9bfd4a067942d98938faf7d53fe
SHA256 f022aa18963522947f2cced83f12e1dcaa03911bb6333bfa34dc49e87ae4cab5
SHA512 0950e11e8ab0f2f4052c0f35347802aff6b1e05a2491416feb8a206f6d798c8069b8693fef6755b8d5edddebb4f906d741277b8d1ea17a7d3dcd8e615edaef5a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 117832628ca29ac20db6a78b590609e5
SHA1 a3c594cb92e5c18d30628b80dd6c552c8e76b234
SHA256 171f317b0290ff884dc2501868c8a406395cd236902f79ba91c49c44a4a7e4ce
SHA512 ce900f51e2a2d5cfb2a9798486dd72e241d93ce78257e8d1ea49018777498fa05242cad2a8facc2c353644764c63f5ba56a0c8d469c76b975488f69ba78a1808