Malware Analysis Report

2024-11-16 15:46

Sample ID: 240219-abqcwsgb84
Target: 9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38
SHA256: 9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38
Tags: google phishing
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38

Threat Level: Known bad

The file 9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Modifies data under HKEY_USERS

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-19 00:02

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
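
The two static signatures above (AutoIT Executable, Unsigned PE) carry no indicator rows, so there is nothing on the page to show how they were derived. The Python below is an added example, not part of the sandbox report or its tooling, that reproduces both checks on a PE file with only the standard library: it reads the Authenticode data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) from the optional header to tell whether a WIN_CERTIFICATE blob is attached at all, and scans for the "AU3!EA06" marker that AutoIt v3.3+ writes in front of the compiled script it embeds in its stub executable (assumed here to be what the sandbox's signature keys on; detection rules commonly use the same string). The `build_fake_pe` helper constructs a throwaway PE32 image so the script runs offline without the real sample.

```python
import struct

# Marker AutoIt v3.3+ places in front of the embedded compiled script (assumption: the
# sandbox's "AutoIT Executable" signature keys on this or an equivalent marker).
AUTOIT_MARKER = b"AU3!EA06"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def security_directory(pe: bytes):
    """Return (file_offset, size) of the Authenticode data directory, or None when `pe`
    is not a parseable PE image. Offsets follow the PE/COFF layout; for this directory the
    first field is a raw file offset, not an RVA."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                      # optional header follows the COFF header
    if opt + 2 > len(pe):
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                           # PE32
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        return None
    if num_dirs_off + 4 > len(pe):
        return None
    num_dirs = struct.unpack_from("<I", pe, num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if entry + 8 > len(pe):
        return None
    return struct.unpack_from("<II", pe, entry)


def has_authenticode_blob(pe: bytes) -> bool:
    """True when the security directory points at a WIN_CERTIFICATE inside the file.
    This is presence only: chain validation needs a real verifier."""
    sec = security_directory(pe)
    if sec is None:
        return False
    off, size = sec
    return size >= 8 and off + size <= len(pe)


def is_autoit_compiled(pe: bytes) -> bool:
    """Byte scan for the AutoIt compiled-script marker anywhere in the image."""
    return AUTOIT_MARKER in pe


def triage_pe(pe: bytes) -> dict:
    return {"signed": has_authenticode_blob(pe), "autoit": is_autoit_compiled(pe)}


def build_fake_pe(signed: bool, autoit: bool) -> bytes:
    """Constructed minimal PE32 image for offline testing (not a real binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    body = b"\0" * 16 + (AUTOIT_MARKER + b"\0script\0" if autoit else b"")
    cert = b""
    if signed:
        blob = b"\x30\x03\x02\x01\x01"              # placeholder DER, not a real PKCS#7
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        cert_off = len(dos) + len(coff) + len(opt) + len(body)
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         cert_off, len(cert))
    return dos + coff + bytes(opt) + body + cert


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_fake_pe(signed=False, autoit=True)
    print(triage_pe(data))
```

Run it with the sample path as the only argument; without one it triages the constructed image. A `signed: True` result only means a certificate blob is attached; clearing "Unsigned PE" for real requires chain verification (for example `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`), and a `signed: False` on a file that ran from a user's Temp directory is exactly the combination the report is scoring.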

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-19 00:02
Reported: 2024-02-19 00:07
Platform: win7-20231215-en
Max time kernel: 65s
Max time network: 276s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"

Signatures

Detected google phishing page

Tags: phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000d86d9a496e4fdc7272d0bd0d4c2284c1d684e5b8adb2da9032f145999c7e82cf000000000e80000000020000200000007154c799b90f4043272c86427ebd1348ba68ebcb7fa0f0e4b47ec8c1350564cc20000000989cab66885ba54934adf37976f0900855e2a15ee388e397c7c84a4585a78875400000005994f701498dd4a07f59be5ee18b5d10dd724a29816a6ad0b90ffaea688dada3ec07860beba5c87af4c0e4ae159f11ee51587aa6f5ca26918f5dca16c60526dd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FB2F401-CEBA-11EE-91A3-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FAE3141-CEBA-11EE-91A3-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000a944751968ac6db71275851f6c0ca0e4e4371e5cbb3aafe627024640fa23c4b5000000000e800000000200002000000025681f99916dafd6fc86ecec52a4182b4075652808949237d4a096c6ea482b91900000002e4114b88a8ec32ce7d6d66af1e9ff0a8cc5d8bfcb450e0b6cfbc18d70d3be0399f318ee7b6a06cc82ae38922e0c3e1566f6cc395d5513b9a381e5a56cae90d515690a250476636d2003329340031045e149621b4a5292013e8a7e3c63a20c552a222f35235a859055baffe0b5cd24546bcc74e93b8f98026f46a1c6a98bcf15fd24ba1ccea748afb860be7419176926400000008b67e24d37c79784040b9a98b6950226ccf11effdeb3452af9062299a7e1862a1071f9fbdf4edb618a857e5eb313d4625f7525e99422cf3700a42f4c80a02d22 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FB092A1-CEBA-11EE-91A3-4AE60EE50717} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A [2 consecutive identical rows]
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A [2 consecutive identical rows]
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A [60 consecutive identical rows]
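
Most rows in the signature tables of this analysis are attributed to chrome.exe, firefox.exe and iexplore.exe rather than to the detonated executable: every SeShutdownPrivilege row belongs to chrome.exe, both SeDebugPrivilege rows to firefox.exe, the processor and BIOS registry reads to Firefox and Chrome, and the sample binary itself appears only in the window-messaging signatures (FindShellTrayWindow, SendNotifyMessage). The IE DOMStorage keys created for google.com, accounts.google.com and facebook.com show the browsers were driven to those origins, which is the behaviour the phishing verdict rests on. A triage pass should therefore separate what the sample did from what the browsers it launched did. The Python below is an added example, not part of the report or the sandbox's own tooling: it parses the flattened "Description Indicator Process Target" rows (column values contain spaces, so the description is matched against the report's fixed vocabulary and the process as a drive-letter path ending in .exe) and counts indicators per process, split into sample, browser and other. The embedded rows are a constructed excerpt copied from this report's tables; the browser set and sample file name are assumptions taken from the paths in the report.

```python
import re
from collections import Counter

# Assumptions taken from this report: the detonated sample's file name (from the command
# line) and the browsers the sandbox saw it drive.
SAMPLE_EXE = "9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

# One flattened row reads "<description> <indicator> <process> <target>". Column values
# contain spaces, so the description is matched against the fixed vocabulary the report
# uses, the process as a drive-letter path ending in .exe, and the target as the last token.
# An indicator that itself contains a "X:\...exe " path would confuse this; none here do.
ROW_RE = re.compile(
    r"^(?P<desc>Key opened|Key value queried|Key created|Set value \((?:int|str|data)\)"
    r"|Token: \S+|N/A) "
    r"(?P<indicator>.+?) "
    r"(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE)|N/A) "
    r"(?P<target>\S+)$"
)

# Constructed excerpt of rows copied from the tables in this report (not the full tables).
SAMPLE_ROWS = r"""
Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (IEXPLORE.EXE and iexplore.exe merge)."""
    return path.rsplit("\\", 1)[-1].lower()


def origin(process: str) -> str:
    """Bucket a process path: the sample itself, a stock browser, or anything else."""
    name = basename(process)
    if name == SAMPLE_EXE:
        return "sample"
    if name in BROWSERS:
        return "browser"
    return "other"


def parse_rows(text: str):
    """Parse signature rows; returns (parsed_rows, unparsed_lines) so nothing is silently lost."""
    rows, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Description Indicator Process Target":
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
        else:
            unparsed.append(line)
    return rows, unparsed


def summarize(text: str):
    """Count (process basename, description) pairs inside each origin bucket."""
    rows, unparsed = parse_rows(text)
    buckets = {"sample": Counter(), "browser": Counter(), "other": Counter()}
    for r in rows:
        buckets[origin(r["process"])][(basename(r["process"]), r["desc"])] += 1
    return buckets, unparsed


if __name__ == "__main__":
    buckets, unparsed = summarize(SAMPLE_ROWS)
    for bucket, counts in buckets.items():
        for (proc, desc), n in sorted(counts.items()):
            print(f"{bucket:8} {n:4}  {proc}  {desc}")
    if unparsed:
        print("unparsed:", *unparsed, sep="\n  ")
```

Paste the full tables into `SAMPLE_ROWS` (or read them from a file) and the "sample" bucket is the list of things the executable did itself; anything the "browser" bucket holds, such as the 62 SeShutdownPrivilege adjustments by chrome.exe, is ordinary browser housekeeping and should not be written up as sample capability. Rows that land in `unparsed` have a column layout this parser does not know and need to be read by hand rather than dropped.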

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A [2 consecutive identical rows]
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A [3 consecutive identical rows]
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A [33 consecutive identical rows]
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A [21 consecutive identical rows]
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A [21 consecutive identical rows]
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1776 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1652 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1652 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1652 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1652 wrote to memory of 2756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2084 wrote to memory of 2780 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2084 wrote to memory of 2780 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2084 wrote to memory of 2780 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2084 wrote to memory of 2780 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2128 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2128 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2128 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2128 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1776 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2132 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2132 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 280 wrote to memory of 3012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 280 wrote to memory of 3012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 280 wrote to memory of 3012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1776 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1776 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1592 wrote to memory of 1524 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1592 wrote to memory of 1524 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1592 wrote to memory of 1524 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe

"C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6719758,0x7fef6719768,0x7fef6719778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6719758,0x7fef6719768,0x7fef6719778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6719758,0x7fef6719768,0x7fef6719778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.0.749907264\1973797151" -parentBuildID 20221007134813 -prefsHandle 1188 -prefMapHandle 1116 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24f4e0a6-8155-44cd-9f9c-504d40087cf4} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 1296 10ed6f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.1.144034080\1992639647" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d98ac99-bec4-41de-a478-3e04c0c5fbc0} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 1512 fdef258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.2.75858971\2121343009" -childID 1 -isForBrowser -prefsHandle 1744 -prefMapHandle 1796 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d596940a-1f30-4931-bf31-96d0b9c3eb68} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 2008 1898e258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1176,i,6597107820882737819,2824847892039705175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1176,i,6597107820882737819,2824847892039705175,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2680 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1328,i,1134537622268819484,9519156927204613136,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1328,i,1134537622268819484,9519156927204613136,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2940 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.3.1246263542\385137419" -childID 2 -isForBrowser -prefsHandle 2740 -prefMapHandle 2736 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {163e8f1d-3eb1-4da7-a0f0-24f1c977a383} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 2752 e69558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3364 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3564 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3840 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.4.1017230235\1163276084" -childID 3 -isForBrowser -prefsHandle 2892 -prefMapHandle 3668 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2634d4f-059d-46f0-8d16-fbc43e2ffd60} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3676 1eecc558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.5.893905478\802040257" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2158cbd-1c84-47c8-ac8e-7a557855924e} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3776 1f209a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.6.623572253\770136829" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfbf538b-7f0c-4ea1-a45e-4fa5e535a96a} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3888 1f20bb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2244 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2228 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.8.1920187315\17357126" -childID 7 -isForBrowser -prefsHandle 4284 -prefMapHandle 3932 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3619e33d-3e89-427b-813a-bb55fae2e551} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4260 212a6658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.7.1922670116\1837829704" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aaeb7e1-6980-4697-a393-b3c34fc3e762} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4244 211de858 tab

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.9.798799838\1983179118" -parentBuildID 20221007134813 -prefsHandle 4368 -prefMapHandle 4552 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68daa356-24bd-408b-81fd-2d431ba67620} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4624 18af4e58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.10.1388004709\84868033" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4732 -prefMapHandle 3380 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315e9e70-c435-4168-9640-4f2534ee700f} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4748 1cd25558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.11.427977167\698434576" -childID 8 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30303ed3-d0a1-4052-b3ac-263bd6472fc8} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4924 1eecc258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8
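
Every process in this part of the list is a browser-spawned helper: Firefox -contentproc children (the trailing token names the child type: tab, rdd, utility; -sandboxingKind selects the utility sandbox), Chrome --type=gpu-process/utility children (the --service-sandbox-type value states how the child is sandboxed; "none" on chrome.mojom.UtilWin is Chrome's own setting for that service, not something the sample did), and one DllHost.exe COM surrogate whose CLSID the report does not resolve. The triage helper below is an added example, not part of the report or of any sandbox vendor's tooling. It tokenises the command lines quoted above, turns each into a small record (executable, child kind, sandbox setting) and returns only the ones worth a human look: unsandboxed browser children, COM surrogate launches, and anything that is not a browser at all. The dropper.exe line is constructed to exercise that last branch and does not come from the report.

```python
import re

# Command lines copied from the process list above (this report's own data),
# plus one constructed line (hypothetical dropper.exe, not from the report) so
# the non-browser branch is exercised.
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.6.623572253\770136829" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfbf538b-7f0c-4ea1-a45e-4fa5e535a96a} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 3888 1f20bb58 tab',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2228 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8',
    r'C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1524.10.1388004709\84868033" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4732 -prefMapHandle 3380 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315e9e70-c435-4168-9640-4f2534ee700f} 1524 "\\.\pipe\gecko-crash-server-pipe.1524" 4748 1cd25558 utility',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1268,i,14169624307688856548,13755427117640751965,131072 /prefetch:8',
    r'C:\Users\Admin\AppData\Local\Temp\dropper.exe /silent',  # constructed, not from the report
]

# Split on whitespace but keep double-quoted arguments (Windows paths) whole.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmd):
    return [t.strip('"') for t in TOKEN_RE.findall(cmd)]


def describe(cmd):
    """Classify one command line: which browser child it is and how it is sandboxed."""
    toks = tokenize(cmd)
    exe = toks[0].rsplit("\\", 1)[-1].lower()
    info = {"exe": exe, "kind": "main", "sandbox": None, "flags": []}
    if exe == "chrome.exe":
        # Chrome children carry --key=value switches; collect them into a dict.
        kv = dict(t[2:].split("=", 1) for t in toks[1:] if t.startswith("--") and "=" in t)
        info["kind"] = kv.get("type", "main")
        if "utility-sub-type" in kv:
            info["kind"] += ":" + kv["utility-sub-type"]
        info["sandbox"] = kv.get("service-sandbox-type")
        if info["sandbox"] == "none":
            info["flags"].append("unsandboxed-child")
    elif exe == "firefox.exe":
        if "-contentproc" in toks:
            info["kind"] = "contentproc:" + toks[-1]  # trailing token names the child type
            if "-sandboxingKind" in toks:
                info["sandbox"] = "kind=" + toks[toks.index("-sandboxingKind") + 1]
    elif exe == "dllhost.exe":
        for t in toks[1:]:
            if t.lower().startswith("/processid:"):
                info["kind"] = "com-surrogate"
                info["flags"].append("clsid=" + t.split(":", 1)[1])
    else:
        info["flags"].append("non-browser")
    return info


def inventory(cmdlines):
    return [describe(c) for c in cmdlines]


def flagged(cmdlines):
    """Only the entries a triager should look at by hand."""
    return [d for d in inventory(cmdlines) if d["flags"]]


if __name__ == "__main__":
    for d in inventory(SAMPLE_CMDLINES):
        print(f"{d['exe']:<12} {d['kind']:<40} sandbox={d['sandbox']} {' '.join(d['flags'])}")
```

The CLSID on the DllHost line is reported as found; resolving it to a COM server name needs the HKCR\CLSID key from the analysis image, which this report does not include, so the script only surfaces it.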

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.239.198.133:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 163.70.151.35:443 www.facebook.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
N/A 127.0.0.1:50170 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:50182 tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6z.googlevideo.com udp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 rr1---sn-ntqe6nes.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-ntqe6nes.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-ntqe6nes.googlevideo.com udp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-ntqe6nes.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-ntqe6nes.googlevideo.com udp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-ntqe6nes.googlevideo.com udp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.35:443 beacons.gvt2.com tcp
GB 172.217.169.35:443 beacons.gvt2.com udp
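
Reading this table by hand is slow, and a few conventions in it are easy to misread: rows with udp on port 443 are QUIC (HTTP/3), not DNS and not a raw UDP beacon; rows with an empty Domain column are local loopback (127.0.0.1) or mDNS multicast (224.0.0.251:5353); the single cleartext port-80 row is ciscobinary.openh264.org, where Firefox fetches its OpenH264 codec. Every named destination here is a Google, YouTube, Facebook, LinkedIn, Mozilla, Microsoft or Akamai host, so the table alone does not identify the page that the google phishing signature fired on; it shows only what the browsers and Windows reached while the sample ran. The script below is an added example, not code from the report or from the sandbox vendor. It parses rows in the table's own format, groups them per domain (distinct IPs, connection count, DNS versus TLS versus QUIC), and returns findings for cleartext HTTP, unusual ports, and TLS/QUIC destinations whose registrable domain is not in an allowlist. The allowlist is an assumption written for the domains in this report, the last-two-labels domain heuristic is deliberately naive, and the 203.0.113.10 / login-verify.example row is constructed so that the unlisted-domain finding is exercised.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the Network table above (this report's own data), plus one
# constructed row (203.0.113.10 / login-verify.example, not from the report).
# Format: Country Destination Domain Proto; Domain is empty for loopback/multicast.
SAMPLE_ROWS = """
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com udp
N/A 127.0.0.1:50170 tcp
N/A 224.0.0.251:5353 udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
XX 203.0.113.10:443 login-verify.example tcp
"""

ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Assumption: an illustrative allowlist of the registrable domains this report's
# browser traffic goes to, not a general reputation source.
KNOWN_BROWSER_DOMAINS = {
    "google.com", "youtube.com", "googleapis.com", "googlevideo.com", "gvt1.com", "gvt2.com",
    "facebook.com", "fbcdn.net", "fbsbx.com", "linkedin.com", "licdn.com",
    "mozilla.com", "mozilla.net", "mozilla.org", "mozgcp.net", "mozaws.net",
    "microsoft.com", "akamai.net", "openh264.org",
}


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    ip, port, proto = row["ip"], row["port"], row["proto"]
    if port == 53 and proto == "udp":
        return "dns-query"
    if ip.startswith("127."):
        return "loopback"
    if ip == "224.0.0.251" and port == 5353:
        return "mdns"
    if port == 443 and proto == "udp":
        return "quic"            # HTTP/3 over UDP, not a DNS or raw-UDP beacon
    if port == 443 and proto == "tcp":
        return "tls"
    if port == 80:
        return "http-cleartext"  # worth a look: what was fetched unencrypted?
    return "other"


def registrable(domain):
    """Naive last-two-labels heuristic; adequate for the TLDs in this table."""
    return ".".join(domain.split(".")[-2:])


def summarize(rows):
    """Per-destination view: distinct IPs, non-DNS connection count, traffic classes."""
    by_domain = defaultdict(lambda: {"ips": set(), "connections": 0, "classes": Counter()})
    for r in rows:
        kind = classify(r)
        entry = by_domain[r["domain"] or r["ip"]]
        entry["classes"][kind] += 1
        if kind != "dns-query":
            entry["connections"] += 1
            entry["ips"].add(r["ip"])
    return by_domain


def findings(rows):
    out = []
    for r in rows:
        kind, name, dst = classify(r), r["domain"] or r["ip"], f"{r['ip']}:{r['port']}"
        if kind == "http-cleartext":
            out.append(("cleartext-http", name, dst))
        elif kind == "other":
            out.append(("unusual-port", name, dst))
        elif kind in ("tls", "quic") and r["domain"] and registrable(r["domain"]) not in KNOWN_BROWSER_DOMAINS:
            out.append(("unlisted-domain", name, dst))
    return out


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for name, entry in summarize(rows).items():
        print(f"{name:<32} conns={entry['connections']:<3} ips={sorted(entry['ips'])} {dict(entry['classes'])}")
    for f in findings(rows):
        print("FINDING", *f)
```

Feed it the whole table rather than the sample and the per-domain view collapses the several hundred rows into a few dozen destinations; anything that survives the allowlist is where to start looking for the phishing page's hosting.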

Files

memory/1776-0-0x0000000000850000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2FAE3141-CEBA-11EE-91A3-4AE60EE50717}.dat

MD5 fc9a35132f89304b10753ada1ae4e260
SHA1 4242ddc0c9bc2258f086a9d09c4fed42d6fb97b9
SHA256 f37eda26333d571dd1ac940b6b26e2e71dc39374a9c048daf283a40d8e6d5a0e
SHA512 316b2cbcf7e8cc4a55e345c20540f18ddb75919fbb11e24d4da2ff7644f30a5887d99bedfa495d7dcc1a1126266012901f35bedfe866807569f692b9ed99fd1b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2FB2F401-CEBA-11EE-91A3-4AE60EE50717}.dat

MD5 2c3454236066e320d31c40275d76e948
SHA1 9b488a9cb5d50b1be160dd8dd1f430a8a0e79bf4
SHA256 0e7c09987a7e09e90ad1b12c44a408a472181afd7edc3feb2278c2dc20ceb497
SHA512 d9d70bd4eaa228531593bcd747caf5e0097cf676736d838f8b3f4d864c3575c595cbdd4c1f22bf5730d3b7fadc85a90cdf44a3efbd96b61cd5972a160a18414a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2FAE5851-CEBA-11EE-91A3-4AE60EE50717}.dat

MD5 e0a11ea2a2b2b1af3f2cbeedc6e1c1b8
SHA1 80dde5f6cada0027d3bff2c401e34d883fcd53eb
SHA256 446fe8835b0edcfe2a481fdae2bde3c911b51812e0a6c65bbfd43a4e1a4c7061
SHA512 6d3657e1bee0b6c620dc360a9b3cf312432c1e84c62301fa0373351dd90e75513fb2de2df353831219eade29856ef21fe673c96b237f7583b8d9d5d66d66e0fb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2FB092A1-CEBA-11EE-91A3-4AE60EE50717}.dat

MD5 f7a5e0deeaf24a310b89a64aee9e70e6
SHA1 d047770d2aacb60d5c784864c649a08c5ce9e4fb
SHA256 8c74208bf881fe9d06c50967736eb8f172da02546199feadad443bbe5d6cd029
SHA512 305352665f791a8a8b79851baceff73d1f05917639941780882aeb0ac9af2572e5381bf08214a125b5dc5a201e4f110a0608038f1b426512c2a5f2f9d44c1096

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3159271dd729177343d08a637f9431b9
SHA1 61227975fb436d3c96bad6d0916c2fd6c0768b1d
SHA256 e4df094981fa3673af16d27c96815f6cebf9f93422aad8966fd942020510f32e
SHA512 3cce92943e44ee8d18d0231c34737b62eb717f93d71b11ff4d97a6111cd435c1d1ef7c2a8c9fa5b45a93928ae5b9c514e5fbfb510865b6d019e53fcfae0f4c46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 aa44b4649eae80b4c847ad7a31f8d872
SHA1 a3d4fffa16b724a2952fd34715a81ec9b256a6e1
SHA256 3ac68df4a92bba5f62e8f76a9b8188ba935c82bc6b296754d8ca741ed242f349
SHA512 f7657c7c309c7f9072adfe95f0e1e38e36844d13ed693c2aab47a9193f94876b3783fd4ba04e8384026ed90179e1095dc6fa6b5ec70351c2958849fb16d4f40c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c17936332aece7720ad913632b10c068
SHA1 9597f62dc94de781e93b2ef74bf2b7e76b0b97f0
SHA256 a1525257f1b7fa6dd5a055b6a6a9f33e819e97041c33bfd5602d4c0028b44d9a
SHA512 1d9f500ba09c8819a3fadd7fa620e549c7b9984f21287fe9576b43e0857d40450b80465b2d188b9639ca9e79700bc842c4c785aef64f372134f2da9955de9509

C:\Users\Admin\AppData\Local\Temp\Cab24CF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar254D.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 78836c955b364896ba2b5c7a134d038b
SHA1 0068458757871a70f56aab772429cfb49cb128bc
SHA256 332d547ab33f3a4ac80a332bc1e5e3c98f35026ba9768052c6553dc2237b511a
SHA512 d74a69f22ae9079237369999e861979919eaeb565478b27f80eb7958c0cbabdc1f41bd71b7f7dfa20bc3c5b65f0fa84d7b94fcc2b64270d6869a6e5836fc72d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a90f2a433f334a81f5affd3c6f9b416
SHA1 dc4a6a607060178c11f7b2b388744c00974e0272
SHA256 e74711874450277222b4ab3f8784ae688ae0cbe19d1bcb0dcf66dc31d0d49a12
SHA512 ac1ecead289e7bbea050fd6ea26062757d90b3e6253b6cfd72d2526fd68061fed8ebe69efe2273031052c2d47ff23e2659a8158fd46581227a7c1e2b0f2c2ac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f256bbc55df39eb34b378ad54e54eb08
SHA1 95a40ab4a4a043683e85aded9573820b73472fd4
SHA256 d58cb2a7dabbc873adab9ce5ce92faa610b2bccae1c15a32362018a1e4f2827a
SHA512 4113a788125a48da59c163ede7ab05405b98bb44e9222942165ba5fbb768d8a7a304a9c99c7431434143d7156ebd4592a6732d5cda20a1828ecc3cf893877722

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 a6f983ae15a872f51f69e417eebe9f4c
SHA1 e916f88def38ee2a74a840e751b9bffb781e1953
SHA256 a9fe412a251a955b2daeae5327b7d1478891b2f47357ebdb662b1cc2d3b7e8e1
SHA512 f2ac1c7edf97bf2ed9fe933dbd6267755dd3d3159f4272f2bf31b6d17b97c24cc3507cbd81525970c0e71a43234e6cd4c40d4858de718052d3de0b139ec6210e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\V9KI732I\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2O4J375F.txt

MD5 6013a0fe758707f03413b8d76ade962b
SHA1 e48c8d1552eb1ebf5da9d25a1c4a8bbc99934c5c
SHA256 1858dcc3aea2c0c80736b5b3ba2993f98c6eaf8870bcc7735201ca60274bb29f
SHA512 14822844594333521ec7d3b8f0f4fe0e2ff97e2d04a1770ae6f183ee277fe6f6b97cba7cc5c4b83c836e63f198e9112349045526b1fa34fa27d28b33ec01fafa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 922c69ce0f205f729e5a43c956f31d68
SHA1 ef7532272ca1120bb746fc2e11cc0813fb6fff01
SHA256 1921710ca504beb00956233cacebf1b0a3c5379e41b5e5ded5511ccf53fb0239
SHA512 7e322720d9ab05a84fa01e36847b04f2bc0b514bfe44b56d2ee3ebf653a1ab38d7f3bca64525898a4caa0d6c11c1d4f0b886980e000fc74b3688507c395ce55c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a0b39b4c23dded0df59306e0393f84a
SHA1 c69d4a4416b556d74b53c18ac976f71046a59bcd
SHA256 3f879db6498145eac2d101b84305307a1a5a306ac940706fcad0c48ca6b8fdc2
SHA512 85d53effb0c5ebbedcd78c4e2273bf7ac4c3c7b53787a15a110c9a6905263ddc67ff13954ba808cad57ec00b437811c88fdc43230cbcc529a159ca150e792df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 dc6bb980bd25f50550680e92a3a64923
SHA1 f8012b8601671ecb4bb0b4c81a897518daa8a7a7
SHA256 5fa63cc49e8302a641d9e9be43ffadb90b0cc04dd8469f7e37c87e40744802fc
SHA512 f73e37affb9641942f0475ceee804be25dfab6b9d3bb4add90dfdbce437b1eb30e17ec4fa1ddbcd5fae09505710e1a03e90687881b3d575d729651a66e089c14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 979baa50dec09db3be5c115001e503c5
SHA1 bf4ac17e275e27cec1cfb9076859fecc64f50a91
SHA256 d6cda68982be1aed15d5a65cbbdd7c5478e3719ff85e4ad2ebbb9311aa3f1759
SHA512 73a7154f5d603bf3fceb8fcda7b7e375dd811329fc532e99f04b439a25634a1657f52a84475c278bc145fc6873b8443bed725d488e33e99e456c711732505ded

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 6d0d8a3a287849c5f34e808a483ba26e
SHA1 518ad0b0aac1987d18f1895299db3357be581000
SHA256 a44e50809ad6db6de28fcbb7210ee609df9eac38255951fcd68e1987406cecbd
SHA512 27ba72b21a50d187e97964c168d4b4e642f00a3cdb29ccba38999ebd3c22255b28dff2e4638c090fb9c278e75cd136748652e07ce7a573be83b72bd102ff368e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 c11e287c3ace92927881a22e514af922
SHA1 cf56496200daa5f2f2b68c09558c37864ee18ab8
SHA256 971f220c0128322b78b80ba954f498c2ab88c5ee035b0cb02453a6ad55d71e60
SHA512 a18fa38047e2f74fea7f6c68d8a6c0d273842cca98bedb24a8e797c70e935e345bcb452e03da43f056689d1077e1cdb7992d4f6386a894a3e859c78112be8eba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9770901f93cb5a17a7e01ceaa57b8e39
SHA1 b753bd4848ab02cc29eefb374ec90bc48c9ba992
SHA256 f682cb8ac711e4aad49ed477c9fc10230af23222505fe240173bcf16ae670b63
SHA512 d56733e0bc30f4acd5bc3f77bc6184619e9710f79c21d3a1a0f5788770542752ff19e4ce155e188ca9829b00b6f65aeb51c1fa9797989f74301e5001e95e3a05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee29227b26e32957826ea158c0433ac7
SHA1 fb810aa5e36170d6773b354db6e7929939251d55
SHA256 f1c6db1dc7d841e9f186eb67dfa2c3921ead8740b8bd8acc41de2174aa3bae65
SHA512 66fd72bd5d8ca9840772766b76fb9dc9dfd898cf449f110df1485afe091745abd2641f95b0e7e4cd6d8a915a55246de8abb10192b9b22a0022afa8122f247ca0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8269d1e22fc860fff1fb9fbeb6480844
SHA1 6cee30a726dd13d099a87179b1df52d624e08542
SHA256 80a0d78d4ef1693022036fb5943b5754c8f9b20fad5ed137261a3b47032c5ecb
SHA512 a9af49ea86b6f5e08b912df7e55d1c319243760664cd2d8149a6ef26ce1202cf89d7b7b2891621e7a2960702af1cfd0e421a4b646aa872d32d8000919a8b6813

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cda2393a06be99d052e22da1af21636
SHA1 2eca5e7d9afb92cd62ec1987d591a54644b4913c
SHA256 50bdafefa159f0e984d34775a23c9431b30f3dc8515ea393ea98a0b53f286e52
SHA512 b87157d4518e10c5f1fb491bdb45cfee5f1363321d67c5f0f3c105b5bad3211579a9da37ac261eca327adfc21d998b472c53f41cdf9d4dff7e7c89a8a91c365d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ef58e97e530dd3b29281f68d0f8ffe5
SHA1 ea7fbff43ca8297fd5bb6bfde857f9fffc79b5c5
SHA256 d60627d280bacfa40fcc2bea46bc08dac6d703e0a5be1e32eb5c9cf9b5aa6d03
SHA512 87a107c4a4d02400b3a2a73879df7bd9e4a6dec21a5ea0dbc52df6d4890ef52ba582c3f020f491bd8190f5b9f5a1a41c7e5137fded3e4ca91ad1f46abd2110d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1aaa3b4af3e79574e54903f2c8b75ca2
SHA1 79cb13e7d8509a961d9ff9ff72e482af0168e8dc
SHA256 23e8e7ed087edcb7ccf3fe5896c25b16993aae03358441e62088b1b328d15b28
SHA512 5a279bfd524c9a1689f860f74b3d805553d11171e21212fda69f6acc3ecc5b1b389dadec1baf8af7ee06a11abef1e6bb040cf7d42cb6d4474db0674c6f538632

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c530d0355c28b70b886cc82601e4b811
SHA1 b3eb730f438c690e501f272e40a0bd37e9d359ec
SHA256 7fa8a57751f64b121e6919da22a09b5c82ae5dfdfba54bd2b4352c6b29388191
SHA512 8532c1fc047bcd0cabc5172f0ac8c068adc61d7df6c8fba164f6417cefe2477dc415601496b927ef204c25abe8c1874af70ae547faa6aa47d32df6f2cb89eb52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36e7cd3363b1b7964e29b217971503c5
SHA1 14f9fdd7222db193dce2eac110d14c6e9eb01d15
SHA256 b2df8079b9fb56906e8447dfc77dc7a5b2e321bc4f83513859255e271ed1951f
SHA512 56d4c2057a8e491aa708bb0e8f96180a8f9d07e5885d0fa9899e2aadcbe2993b05c5de22ae52143c33997fa94edccf181bc0d20023d09ad94239324eadb21ac8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebe5ea2dc632e5248c41f71ef05ec9b1
SHA1 f0e04e5f310a138954c6717ca775f9df6c0bcd43
SHA256 4912615be05bb6a5c6506653396b88ab605b387e488b770692b102fa656397ce
SHA512 659e9bb1f65c3087ca94f12529dff591df22875d260e3246a33815cd2df5e169517563ec3ff034a7623dc5b1d89a0462f995da85efdbb408f1ceee7570caeb35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c75f8ddc68a9c675dffd3dea7af94734
SHA1 b8eef6e7bd5c2b177c4d99ec140a57407a9065ff
SHA256 a5688f87f1c656a1d92dc255448d58cc9be829fe411931017230ed0c1c56c02f
SHA512 cc884b0348f8feee0d10a19aef9bfd06c798934088eef757fd4834e885ef78dfe6625d6ebc2b705ef3aa555443815dc56275ee2bd17f1f522a20b858035f2ef4

memory/1776-895-0x0000000000850000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f47e890b4447a4ffaef3ea52bdcd0bd7
SHA1 9ee3172de76a6579b4392c1d8e2162ce1f6d12b0
SHA256 993cb26ddcb4f560d0192a962cd11edc0298dbc861b5944961acfc587a991565
SHA512 b827ea7d27d114112ea927bafd81f2c2b5b35c17ba1872091c1f0d8f5e46d245dcb45e436b9bcea42a7f8e8ebc5dcdaa56a2620ee51b36d189cbe028a85da9ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2132_EJJBFSQWGXHSBGDI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf768739.TMP

MD5 844f975b15fda9e12f6eeffefdca0b20
SHA1 c75eed7e49d96b9b4942abca3695b293acd2a42b
SHA256 c7fe0f56dced04ac7944818bc6754dcd1f4bd5b52ed5e560022f0ad5da995141
SHA512 6eebb167aedec5787d38a3a0732e23891e6ac4433cd6a90083d0cb1e63efa74936310c825f288fb5d80b1035b7ea474a8c6111e5f2726106229e34ac80f7996a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f615d185e073f1100f8be8f6f24898e2
SHA1 0a0ca40e7429e53f7b2e0343690adc0396127d7d
SHA256 fbfc9fde680720edbde4b273647db32fa9db14a1c7c94c92fb7418d5664efd2c
SHA512 bb332c0b78005d42d99dc499feb27cd2e10ee583d1a7c3f713a37fcfd63ee94c5a012fec168a3b21a00febfd762707d753aefd1e0f6d6f85b4072b9ba63dee34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 54fc23f7a7128a40072f468ec8dfd50c
SHA1 88fce28a1c584dd559ab071b5789a26db1a4c4e5
SHA256 b9aca2002a0ec2333328a411c3b00a26fcec29b0a27c82f351f227728a62e560
SHA512 2bc3b2eeee8ffe8a4435bdcfaea9fde234c2e51b7fa9c009439f13dc93f8e22695e52c48fccb2c5531785431fd55dee46a62ee09ec3ebf605a7ff2e1c6e27275

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 0c775cdab0b027ad439761a5ddefdcc6
SHA1 99d26fdde922ccdab7dd6a01b8f35930d574f274
SHA256 fc1dc11221e57a97c4544568eeb3d4fdeceb386c8a945bd7e33bab0c375f291c
SHA512 a595bb229d1ea6d58494ad30283310b0e6da964f22404e1c9bfc89c22b79196600808cba0ac4a6988c05734a71ceaf1c6726109165dc55c1021626a445e9551f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 9ef0555fac1d720d888a9a0fb7139b72
SHA1 87d12ef06b7a698ef78fff9c6f38493da54af45d
SHA256 cea5277ac0cdda9a3a2f5d410905b542ecb76b8a39b414d258e842e605f9627c
SHA512 4b2ec458614cab4da94b588a30baa4921160cf2aa551c977bf484600616c8b6381a80462df33db908efd6c7e57f9bd1e1edf0f6aba97cd25f8d5ddbfbf16699a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 9f6aa8a0886bbdfd18f5cedbcb7772da
SHA1 01ead72648a0ca4bc8f363946ebfe7a5bff7a146
SHA256 97df3fa25e4027a19d0a211dbdf44b72c96188aba7e4f9f60b5b5bc4ef05cdfa
SHA512 73c795e1021b4947972686068a778d9560231bbb104396a1ba829f4a2240aea296f540ee2f56143f56cd30e969f7d5743cde7ad60ddaa663d427c5c6c54d7162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 b58d8030a77fb05679b44d218c548aac
SHA1 9b2e43703da0508d357aa92b26e48ca738c50feb
SHA256 8280f086bda718c4066843f0c0cad909d10e75b9cd310ae9fcddd1e3d5264eb2
SHA512 964441b05a3479958d342415926b5e128897ae9dc659354f47d543473b60df8d6118fd01102486a57a527cb7ad2bb3d0c9189fdda5bae691c72ba0a514927f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 41723617c7cc6a9b945a2784edfbb614
SHA1 e21fddf97de22ab5b4d60ccc2d71f932a6a9008b
SHA256 0cfff88bd1a5aecca3e3e9a8e2f41178e0523dcb1e89298ea4a98da9bedff507
SHA512 b1497b7f77d7609d4be2b11e0884e71ef53c8011c3715f2583bee40f34ed3a8f21498301cb0a083922d3ebd9d01c23178ac26de81a71cd78400ed3d801e3cd5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 23cbcfade6951d2eaab11218723ef740
SHA1 7a010360553a36d257ca541769938216fb786a24
SHA256 cba121e560831689f438de23ab762dbd53bc1bbad08c50a84fc9afb945b94c65
SHA512 996c4549f10d8c3b9d4009a42e3d9b78fbc8934ebf18fd1929694a041ec16784a21cf7b92a58a0155bdf539a685924f457d1a988472647b4ae099ce4ddd03669

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\0a9db4c8-ae30-485c-867d-d0704ad7082e

MD5 682ed9e662c12b6d2062412f95dc2557
SHA1 089f615815316e15de7a0e2ca464cf7ffd5d8428
SHA256 0ade90d48fe99f96a028c20b7a4bd5943085e936de9b876190019a8bfc85f9e9
SHA512 a8306e86c016de00a5097ceac021d7787be6c6886e25d389a4d48d6778e2b5c5fe491de87d795e288f448ac0bab41a775574b67fdc5af89fbf3eab23fa01a9cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin

MD5 aa7aeab2cd13df86fc18132921dd97e9
SHA1 ef17bbcf5f19e1590acfcd9f90a3d820a35eff81
SHA256 921155f51d743399f319f7a11eedabe0922bdf9e4675eb222b77ef9053ac35a1
SHA512 9de6bfce3b6d148bba0df67feab3d2347cb8c9ae57e647c1831ce6380e24b1d0b46090f168c9ee802b8927ddc296adc3a5844cbf5624b11c226dae8d0e9b86fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs.js

MD5 25a5e60accea029674c7150d02f35353
SHA1 65468df55430630992d45877bf580ce2d72b985a
SHA256 fd76571e04a0018377ef6752b387c16457a72f33d18710f00e509869d931f855
SHA512 afd40f76435d0f1688f0b1b1261e20572c3f45f42909d0946d200d170d6277eb24b00b5d553e8a0ef91849e59f13771fbc752582f4a8e293db6d748f8b58f26b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs.js

MD5 bd5becb1582dc1c9814829126fb943e4
SHA1 7562696172d17e87d2062683743ae3b7202c4729
SHA256 64d5f04c4d9f39892e84587899be2a3ff37b19c37a42bb93111f1badb805372d
SHA512 08ac5a5c899c0e3c4ef67e9c4a39c503ba8ba967f5d9901ec9d5e7f0b3ebad407e8765cb139faf6ba249d7fca0eb42b949138cd84431914a6edcbe91b8b182e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 621013c533c172792186b4adb62e2174
SHA1 42e7e5b7273bc7f47320d769638fe5a643fc5d11
SHA256 faf20769a7e9b15fc246ab94f0edacf44cb0093de2388e5ea3ee3fda53ab03c0
SHA512 81bbb0460dc3397f15e5647d5e51feed7976d5600f0ff77299f77efa2c43c173589c1d6dc50a67da57134a8ce3cd90a3a6c82d32f155914a80ab43ced495f9db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 8aa3286a88d48ccc45576533229bcad1
SHA1 5e541d0aff81e3d1607a9bc27fde6e8073f07081
SHA256 f0bfefa37f909be3a5e2c565dd09ca1593c9a9a2bf5f9ea06f67fc20034ac01d
SHA512 cc2417ab2547f1bcfc054319852409e23e841e89ab4b49b53da090baa6c7db5c0c82c14b0e1b95c4a83866f77f388799f43576c62aa602955112f8f010204738

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76ac17.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 5d21e711c84d0751f6e9136f90f04f22
SHA1 0db60ae02ed9b82e5436c761e9e026240f2cb7d7
SHA256 406c47a4ddd69b22c58c0d477379b0da8c87657b4210a3fc66f0982eb4766f87
SHA512 43925737581bac306cd94c17b2a2dd7ed77c3665949f6d70e59aaa31f4b11459e051e23da2d053bba08ab2d5bf1bf9396435569ed7dd55b8822b846e82d5547f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 2ee5015f6c1c3e9b3cd5ef8a4fe84e86
SHA1 b1b992c526bfcaea900523541c5dfdde223fb65e
SHA256 36c61df25b708574cd7f780493b062b9ab34376571745226d7470531fb2e8480
SHA512 a5c52af7c7dc477b6122b1aec870249f7066e083b251802876f871d92fd6e633fd6cbfc3b3b1b529e754f7fcf2e32f6a27a46011b45e61b8151a3bf9ccb61990

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3020_653642517\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f6e2fa3781bd59f6e2309e38e8255775
SHA1 2b8ee3545674d8a296d627bdcf46d2a67aebbf2b
SHA256 5219df8f4869c44762ef64407541ccdf24a59ed1268b8f8157143993f389cd1a
SHA512 6e08fa2e964815e2bad4dac83398defa41570ab9cfac0421066014417fe67451c74f0b15040280a06af0aef74ef352cd0b35c704464959f937f52de520abb2fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\70\{f825faf3-a4ea-428e-95e5-1a856917f046}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\idb\1964708771yCt7-%iCt7-%r9e9s1p3o.sqlite

MD5 f76a2f44159d3efcbd57335d41d02f01
SHA1 f3116ac9c0974807235f11c01c9bde09b4220a84
SHA256 030fe935a792c9713cef91994cedec078f77d2d144e227fa705c63091900a228
SHA512 871015e6e45accd008487880f968789a29f32e5d451352de5d6a17f518a08c5f967814dc8972d8456dfdee6881f5142c3f5b26e9820642ec1caa3d7709f4be6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 648391e198eb82f23cb85f3e308ca3ae
SHA1 9fc48672329c6b5827121565b7e67241ab5ae35f
SHA256 8247f9464ef491d3954ac91bf7b219d0cff0cdba357aa6a9c83952241b804bca
SHA512 272164695f95892cae6cb93990af92dd0d9434a6674be50776d7d0df37c333fd6494c65f87ffa406657870de4c9c0163ad80da8bd04060a2d47c50add5ff3f3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3ee1aad1f856f328d2bc6d943c378175
SHA1 abebd2a95171f5a7a810687dcc4b8e70ab676e1d
SHA256 0b6a91256e3daed246e08816d23ec66c392cb3df185ffa05c1990f067d33ea8e
SHA512 155db88a56e24d207195c5c8acd126ffdec0408907da51a64c162ce6889545bc0fb4bec040f52ccfad50fb26fe871c450f03c76c5f9e6122fa944c69b1bdb56f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 2a4635da92b7d9fdee59350175ac4bb4
SHA1 ccc7e2379883dec79a12c5f91e9ecfe836b63f23
SHA256 60fcfc543d66e08dc0d4852cd884355b727dae308f62dbb0f5b816cb30f68a92
SHA512 a872a68888cfdc878b4d1a4146efc4f71a28ed49dbf5162d577ddc81c74d8c2eebdd566ee7e2509a1f08cdfbffd103d6b82f2db5be6bdb5698d2bf68a3ecb08f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6ea970b441b4cde1fdc31a420360959d
SHA1 d05b6db9894362877be511746562c81261ae9abb
SHA256 75e7a25f0a5aff936d35ac335d69b15a006366f1ae8b6e52a9814276c786fc14
SHA512 38732894a6da78c12488e12f0bf4e2eaf443e2e396b0145978a85cab2641409ffdd91c27191063a49b5eb4c91fee3304a82bb384f225621329a1ccfd91069146

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbce73d0ef1349878106e01d97586d48
SHA1 2f6513d30c5ed21029aad5861c4e38a2220ed6a3
SHA256 b5e3c7a13f9a627d248f0ceefcf6c3b40caf1a3821fe16ae71c2d94aefcb43cd
SHA512 c8b55f9ceb6f6222f6cf5b6029ad65d3e4519e6858305710a68c655772c3f18b00e438ae3f6692ff332435ff7b092d8e179e575ea3a0b545aaa23a39a214ae72

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 23723a219ae62a04231bc76e829969b1
SHA1 a6c6d2437af63d2abc201fd106050eee6c9e7791
SHA256 5b85dd0469f097dc6ab51a4414886b5e6d824bed1eab4b0d47c268fe370aae09
SHA512 886abd128be885ce5d0d346fbbb6c3abf1f643fa0b52662013af817730c66fd4032a2021e4fc989a01a76fc83fcc5e37c0499b4d693606bad31881a1dce2da08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 810f3601ec7a83d95f245c81a0e81c95
SHA1 a56e0339e2b60d455267d1861f060e0407476125
SHA256 ca5bb660bd894ae3bb35a618a2ea28085206d92445f37be6462a95a34589c474
SHA512 1515eed80fa02e6822c90db72eedca0263dde8b922586f9c65fc79250f16bf95e27c0d278ee30e02c335a2422b536960527209edc97664f0ea3236e4a342ca54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 502396b2b5c6ff51b9b94c2381d89043
SHA1 3f8aa1affb1246efb0112623c03df18d89fa23a9
SHA256 6e2119c33c3df40ffa6448c8501f888ac2a6c337cdd1463a48a31ec51311ca79
SHA512 7f4136793847340cf8643542f7723d23a444a758bc32b9ffa17db79ad7713c7a3233b16120a0701013f7980b075aaa000a0c173629bbb1c0bb555cbbf42f0e28

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 ac640361b17eb5d8e946b99b200dd417
SHA1 d79d7b017bb7a222f76696a64e21f324e0c959aa
SHA256 5a51305cc499577852df0ef841fdc5e4c392c0946f1652c99e7a50ae8f53c1b4
SHA512 8ff298611e859d9979e2451a96474ace289b1be7f6638841c9fcd0d23b22e8c8ecdccb082ec864912a909d0ebf1a3a5789e1824c28cf2323a9a6ae005bba6184

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bebc0da0ab99e911995fdf26647deed2
SHA1 96f469a5c4d3a08b34092171dc507e6497445335
SHA256 a63a6ab9410112011b2dae4342d6809b25e1ceb126f9e9ff742ec2c2630e9346
SHA512 38522ef38f5f1dd5ce018755456f760d2142e4cd147fe414f4010024cd475ef9d65c4f908bcf22ca62979ec575ab8aa01f6025e545bff9a87e241fea483e50b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8560f6fb-fcc9-4509-878c-4dc1421ff4e2.tmp

MD5 a2c8046e19916296f9d1e1872fdd59d4
SHA1 3657a4c77aa93439e518a785cdcf04105f05ce5d
SHA256 273f7e8e99d5a90884242fd2d6c120e3addb17969b9ecebc3e7d4c762fea39be
SHA512 73298e4b5699bd16cd546ed9e1b4e0eb83512e9c86c4b874f7e26ef9802937ddbe654e44b9f125efb91bec5dd1f7d4a8c9371bc117a89061ca5e5b1b1af33445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ef72c0f048f57cc4e8d466aa08330098
SHA1 5070432dcc68fac08a0022f21f47f3254d032c21
SHA256 2fab720ba103278e10f79864186af46d59152d6eb05842b22c93f86e176e23cf
SHA512 758e8012a413ae2a43c920dd00b207afeb95f673cdcda54dee7fbe5a2cd461959e48c30383be2228fac148b7bd47c32d2320edee38099384da09a732a992cdd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1ec51f52019fdff3ca8a5e76c690fce
SHA1 6c7ccf412123440ece3543cb5d5ba1437ede07c2
SHA256 4be907a36a7620f07aa8806b9ec46cce6954d46324c334f75161ba0d3815a48a
SHA512 981433dcbc0381778c35cc9ef39c052534d2dc8c48ab887f3ef078c6e3488b7daa62936ea0695e3de561b7109317c0d6d111290503d38deffede8889ae1bf6e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa84a5682adb7ec7ce09083e669cdf8c
SHA1 37b298b7c4ac8cfb0a0f938e072d9141be9b5b08
SHA256 94f487e03c061fa8978fdf34184231d452a035011bb644de52a2d813f21cbde4
SHA512 040f02c5817369bc75dcdf95012a7e12b54904e86e1ce9d687f3883e828e4a4d43557a8a7db0f35da8fd182f2543445b711ddcc46ba76df5c97196351e1a5fd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2530195153772ef89bb7c51fe0ebaec
SHA1 6b95229a6c76aa769a8175e4fa34ac2e64a5473d
SHA256 1bff3f24c9f29b0717935e00cdaafb458ae6dcec16837a65344c52421d5dc055
SHA512 dc6d3f7a1390c0caaed7d8825b91ee3ddc43683422e38b19c6783118e9bfc26ef1e7a5161ada1e9a59d4577851437f45ba83db62e3246a41b5dd1eec090638d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31954fbdd50ba85248c91f21b2cb278c
SHA1 44ad98bfc84754f2b760b46a44635b4961778e74
SHA256 30560c512e4f05ee8b0254460ccee73c8ada5a6c8e788f58ca42ba4cea97b669
SHA512 a11305f3b50c7975579f7996d53d72d52b7cc935d7a4b402278a6432f0aee2d5f0ec894f443f8ea2b7f50a27caad85a0f8d77bfa3c63af42bbc7b91005dc1d9b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a360693b98e4c8fdcb6f3761f241501d
SHA1 49681a88d842145d900afdca14de76cdf33f06cf
SHA256 6f87992226be58255fba84e27bca9af8d726de4c053f4befafbf9e09be882c6f
SHA512 74802c0cf3773d9c23bc7aa1e5c87c7d4e663fd3c73f2c0388896172e9a08ac9c741b60bf6a68d29bc6847fb08d48f56ef16b8636eabee3dda60ff06b5f9db9b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 537b5eede760aa8dd5a1d59ce80a34dd
SHA1 2adc86b73d0b7ab845ddcde21573ed743b993578
SHA256 51f9acc8aa5a7e9b1fe20d813b637749d7bbdc08328f2e25a27d42c90fa3e477
SHA512 2b0822e74f7af4c582efd4f6afb12f858bd8ee745c0d1a8bb2a512aadd3c93fe11fdb6fc1c218e97e14623e26855bedd12d48e67f5ae72864f2e004bf2123ed6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 102cb9ab55ee4ab1d46cde317ba6d441
SHA1 322d53396b7f829f615f78d37b0b537a3699661e
SHA256 8a2350c3826f86b36574ab413c912858624ff2131e70e9e051e5a87412283fb4
SHA512 e496516370a75c678c53a2a45968071b697f6a10a48315ee405b02187b0f0b7168e13b7ac2683c3ba6dd5d4019750954a5339f4e674eed14de547d3d0e6e1467

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbc905ae6b48bfb187f40b1385d111f7
SHA1 613d44c8e85cd7ab8027dcf09587df35bebdd560
SHA256 f820ef42c5e0f43d6cb83048944285eb7fa545333d3f957d18fa42471d4ea9d9
SHA512 2ef31ccd90ad6604359e2870b837f87101f39ee48195ed6b7e093f65b4f74dfc494451879c565b223be6902ae724b80bf26dbb9e8c2f5d615254c1b549fb2f1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ff638816d015b71abe39b4ab4c733753
SHA1 838513f8fda8cf8181f6e1202a69076e3de67b00
SHA256 2fe586bbfe043e92d48c6fa9bf661f5a694ce8b4bdc27dc00956c29782fa6c4f
SHA512 ab7dae9c513af73e166af24cd4fdd584a4b2f3e315a67057165d6290f3aef715b2baeb1b76935cd2bd33384d465887bbd5ee53a7fccb31e807f915a8de3b60cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a22003c00fd4fc8e4700bd3ce7188837
SHA1 d549e9bbc1f210031c26b977468645cdcd14e216
SHA256 9e18d8c8257ddd3b32c8856e64626512857ea9af24c5855c0309d61933a30b86
SHA512 81875d957fd561ee45044c072968636c6de96320f26e143a2ce687a524448e2ec926144e0c26f2044dd471c4743577f7573714bb2a8498510a168c6b815bfadb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d224edc8cbbe82ecb1558316f5c9ca3
SHA1 43cf5275992701b13a08abb1cf98718e5d9e7dfa
SHA256 4933fc271c28d56fb9edbba4c328bda95ca975791caf955cc5bc34d2df441cfc
SHA512 ccb4d7db0ae8cc5165fa67b5b7edde8643d24dd86de81c5a23db1037e48f8a8b655ce708cac99250d314225c04228bc568da057d8a11ed29f67fda391fee41e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9ca6ad58c1982b42a07dfe976bf8f229
SHA1 78556d0f656ee1b75912fb9fd023b04f9b5d3d04
SHA256 ce89dd79c0f5b088e8ddb6d6cfce22023762e4c241cee0b1e6b0d1eb3fe28095
SHA512 cc82c44b38b8eb9b0455ed8003941ee05a91beaf9201cea721c75e483b3c44e5025969a06a5d57b41628eb51566da383df8ab1625cc7c2ec611bac8ea4283569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6606f3f4cff8f1d28b820d1ba29b22c2
SHA1 37dee1f335ac182ba4857dd83b81a7cde0e3ded7
SHA256 b8127790ab1d68a89dfb27dfe03ab47d086e651531fb7105bdda6de4b9df36a3
SHA512 a6f13fb237e1be3b2d588a4b23b66aacd75c8df02450ad438f9a3db65e61d57f7d818d842a1a5fe317c58f4e94d0bf39e1f35eff7a289716a422b338f448ab0f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 347d83d725d85420096a25701c6d56cf
SHA1 5b12e4f2fb89db84a0f9e3e13a384efdc62c6464
SHA256 be3bc04f12106eee372c5ec8333c41b6e92a4f562c7f4a9a03897b0a2dd3a4fa
SHA512 507157eebb72744e4c80baa3d1a89c34726c5619c4cc22f3efd57819c7cec96c5ca6d2b9e4a610a37d6e949ff2586de49accee7d6ec84f1f74fc486624ad5be9
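The Files list above is flat text: a path, then four digest lines, with the same path repeated once per content version the file went through during detonation (the CryptnetUrlCache MetaData entry alone appears more than ten times). Before any of these hashes are pushed to a host-side check they need parsing, validation and a first pass of noise removal. What follows is an added example, not part of the report or of the sandbox's own tooling: it parses that layout, checks that every entry carries all four digests at the right length, flags the zero-length-file digests (the crashpad named pipe), groups content versions by path, and sorts paths into triage buckets. The bucket names and the path patterns behind them are assumptions for illustration; the four entries embedded as input are copied verbatim from the list above.

```python
"""Turn the flattened Files list of a sandbox report into checkable file IoCs."""
import re
from collections import defaultdict

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HEX_LENGTH = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of the zero-length file: such an entry was created but nothing was written to it.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# Assumed triage buckets keyed on the path prefixes this report shows for browser-profile and
# CryptoAPI cache noise; a path matching none of them is left for a human to look at.
BUCKETS = (
    ("ipc_pipe", re.compile(r"^\\\?\?\\pipe\\", re.IGNORECASE)),
    ("browser_profile", re.compile(r"\\(google\\chrome\\user data|mozilla\\firefox)\\", re.IGNORECASE)),
    ("crypto_url_cache", re.compile(r"\\cryptneturlcache\\", re.IGNORECASE)),
)

def parse_files(report_text):
    """A path line starts an entry; the MD5/SHA1/SHA256/SHA512 lines after it fill it in."""
    entries, current = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).lower()
        else:
            current = {"path": line}
            entries.append(current)
    return entries

def validate(entry):
    """List what is wrong with one entry: a missing digest or one of the wrong length."""
    problems = []
    for algo, length in HEX_LENGTH.items():
        digest = entry.get(algo)
        if digest is None:
            problems.append(f"missing {algo}")
        elif len(digest) != length:
            problems.append(f"{algo} has {len(digest)} hex chars, expected {length}")
    return problems

def is_empty_file(entry):
    return entry.get("MD5") == EMPTY_MD5 or entry.get("SHA256") == EMPTY_SHA256

def classify(path):
    for name, pattern in BUCKETS:
        if pattern.search(path):
            return name
    return "review"

def versions_by_path(entries):
    """A path rewritten during detonation is listed once per content version; group those."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["path"]].append(e.get("SHA256"))
    return dict(grouped)

def triage(report_text):
    entries = parse_files(report_text)
    return {
        "entries": entries,
        "invalid": [e["path"] for e in entries if validate(e)],
        "empty": [e["path"] for e in entries if is_empty_file(e)],
        "review": sorted({e["path"] for e in entries if classify(e["path"]) == "review"}),
        "versions": versions_by_path(entries),
    }

# Constructed excerpt: four entries copied verbatim from the report's Files list above.
REPORT_EXCERPT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5 ebe5ea2dc632e5248c41f71ef05ec9b1
SHA1 f0e04e5f310a138954c6717ca775f9df6c0bcd43
SHA256 4912615be05bb6a5c6506653396b88ab605b387e488b770692b102fa656397ce
SHA512 659e9bb1f65c3087ca94f12529dff591df22875d260e3246a33815cd2df5e169517563ec3ff034a7623dc5b1d89a0462f995da85efdbb408f1ceee7570caeb35
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5 c75f8ddc68a9c675dffd3dea7af94734
SHA1 b8eef6e7bd5c2b177c4d99ec140a57407a9065ff
SHA256 a5688f87f1c656a1d92dc255448d58cc9be829fe411931017230ed0c1c56c02f
SHA512 cc884b0348f8feee0d10a19aef9bfd06c798934088eef757fd4834e885ef78dfe6625d6ebc2b705ef3aa555443815dc56275ee2bd17f1f522a20b858035f2ef4
\??\pipe\crashpad_2132_EJJBFSQWGXHSBGDI
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
C:\Users\Admin\AppData\Local\Temp\tmpaddon
MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
"""

if __name__ == "__main__":
    for key, value in triage(REPORT_EXCERPT).items():
        print(key, f"{len(value)} entries" if key == "entries" else value)
```

Run against the excerpt, only the tmpaddon file under the user's Temp directory lands in the review bucket; everything else is browser-profile and CryptoAPI URL-cache churn from the browsers the detonation launched, which is exactly the noise a host-side hash match should discard before it produces an alert. Matching on the crashpad pipe would be worse than useless, since its digests are those of the empty file and would hit on every zero-length artifact.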

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 00:02

Reported

2024-02-19 00:07

Platform

win10-20240214-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
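The row above records the sample itself, not a browser, reading HKCU\Control Panel\International\Geo\Nation, the value that holds the user's GeoID (the configured country) and that Windows serves through GetUserGeoID. Reading it is a common pre-execution locale check, but it is also something installers and localisation code do routinely, so a host rule cannot fire on the key alone; the second discriminator is where the reading image lives. The following is an added example, not taken from the report: a Python rule over constructed registry-event records that alerts only when an image launched from a user-writable location reads that value. The event field names, the allowlisted roots and the list of user-writable locations are assumptions for illustration; the first record reproduces the row above, the other three are made up to show the rule discriminating.

```python
"""Host rule for the Geo\\Nation read listed under 'Checks computer location settings'."""
import re

# HKCU\Control Panel\International\Geo\Nation holds the user's GeoID (country setting).
# Sandbox output writes the key as an NT path: \REGISTRY\USER\<SID>\Control Panel\...\Geo\Nation
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.IGNORECASE)

# Assumed: images launched from these user-writable locations are the ones worth alerting on.
USER_WRITABLE = re.compile(
    r"^c:\\users\\[^\\]+\\(appdata\\local\\temp|appdata\\roaming|downloads|desktop)\\"
    r"|^c:\\users\\public\\"
    r"|^c:\\programdata\\",
    re.IGNORECASE,
)
# Assumed allowlist: installed software under these roots reads locale settings all the time.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Operation names as the report prints them, plus the raw API names some sensors log instead.
READ_OPS = {"key value queried", "key opened", "regqueryvalue", "regopenkey"}


def to_hive_path(nt_key):
    """Rewrite an NT registry path into the familiar HKU / HKLM form for the alert text."""
    lower = nt_key.lower()
    if lower.startswith("\\registry\\user\\"):
        return "HKU" + nt_key[len("\\registry\\user"):]
    if lower.startswith("\\registry\\machine\\"):
        return "HKLM" + nt_key[len("\\registry\\machine"):]
    return nt_key


def is_geofence_read(event):
    """True when an image outside the trusted roots, in a user-writable path, reads Geo\\Nation."""
    if event["op"].lower() not in READ_OPS:
        return False
    if not GEO_NATION.search(event["key"]):
        return False
    image = event["image"].lower()
    if image.startswith(TRUSTED_ROOTS):
        return False
    return bool(USER_WRITABLE.match(image))


def detect(events):
    """Return (hive path, image) for every event that trips the rule, in input order."""
    return [(to_hive_path(e["key"]), e["image"]) for e in events if is_geofence_read(e)]


# Constructed telemetry. EVENTS[0] is the row from the report; the rest are made up so the
# rule can be seen rejecting a different key, a trusted image, and accepting a second sample.
SID = "S-1-5-21-3063448957-1373478339-3486599166-1000"
EVENTS = [
    {"op": "Key value queried",
     "key": f"\\REGISTRY\\USER\\{SID}\\Control Panel\\International\\Geo\\Nation",
     "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"},
    {"op": "Key value queried",
     "key": "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
     "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"},
    {"op": "Key value queried",
     "key": f"\\REGISTRY\\USER\\{SID}\\Control Panel\\International\\Geo\\Nation",
     "image": "C:\\Windows\\System32\\control.exe"},
    {"op": "Key value queried",
     "key": f"\\REGISTRY\\USER\\{SID}\\Control Panel\\International\\Geo\\Nation",
     "image": "C:\\Users\\Admin\\Downloads\\invoice_2024.exe"},
]

if __name__ == "__main__":
    for hive_key, image in detect(EVENTS):
        print(f"ALERT geofence-check {image} -> {hive_key}")
```

The rule is deliberately narrow: a Firefox CPU-speed query and a Control Panel applet reading the same value both pass, while the sample in Temp and a second executable in Downloads are flagged. On a real estate the USER_WRITABLE and TRUSTED_ROOTS lists need tuning to the software actually deployed, and the match should be paired with the process-creation event so the alert carries the parent and command line as well as the image path.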

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527747629984136" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 997e00f3c662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 6097b808c762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "415114516" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A (4 identical rows)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(the SeShutdownPrivilege / SeCreatePagefilePrivilege pair above occurs 2 times in a row)
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(the SeShutdownPrivilege / SeCreatePagefilePrivilege pair above occurs 27 times in a row)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A (35 identical rows)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4392 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 4040 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 5012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3056 wrote to memory of 5012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5412 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5412 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5472 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5472 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5484 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5484 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5412 wrote to memory of 5496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5412 wrote to memory of 5496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5472 wrote to memory of 5504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5472 wrote to memory of 5504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5484 wrote to memory of 5540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5484 wrote to memory of 5540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3296 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3296 wrote to memory of 5572 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5572 wrote to memory of 5644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3296 wrote to memory of 5660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3296 wrote to memory of 5660 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3296 wrote to memory of 5680 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3296 wrote to memory of 5680 N/A C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5680 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5680 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5680 wrote to memory of 5704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe

"C:\Users\Admin\AppData\Local\Temp\9965d08414b15b3a409f42cc10fa092a03b015fcb1a2e9f7a63711a52cc3ef38.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd0b839758,0x7ffd0b839768,0x7ffd0b839778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd0b839758,0x7ffd0b839768,0x7ffd0b839778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd0b839758,0x7ffd0b839768,0x7ffd0b839778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.0.264580120\840136681" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {037dae5a-f975-455c-b0fd-e011396ed60d} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 1800 2d8d8fd7558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.1.1526320644\515981612" -parentBuildID 20221007134813 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5159178e-7b20-47e1-972b-ab7a93127905} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 2284 2d8d8efc258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1836,i,10887212779017845932,18013818594786261180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1836,i,10887212779017845932,18013818594786261180,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.2.1535154230\503780131" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 3008 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9f75ce3-b14b-4c69-88b4-5e9683ce9d9a} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 2984 2d8d8f62458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3804 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,4108321877471067486,6942883032423280658,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1844,i,4108321877471067486,6942883032423280658,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4728 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.3.1862411599\2146629448" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db6e793e-2772-49a1-b9f7-ee9ac9e8a9d6} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 3416 2d8dd4aaf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.5.446851421\889844292" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45e6e721-b526-430e-aff8-94799939661a} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 3748 2d8dd4a9458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.4.1793686631\796897978" -childID 3 -isForBrowser -prefsHandle 3552 -prefMapHandle 3556 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dfff601-e5d0-461e-890f-8f5c54e44406} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 3636 2d8dd4a8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.6.1678518720\1465668350" -childID 5 -isForBrowser -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b05b002-e93a-4280-9287-0b674f5fd687} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 4604 2d8de7e1b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.8.1905973802\1375202249" -childID 7 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {717dd0f4-aa60-4755-9345-0752a33b1620} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 5368 2d8dfcf1158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.7.1731156590\956649241" -childID 6 -isForBrowser -prefsHandle 5248 -prefMapHandle 5256 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4312ad4e-99e7-4082-ac44-75120b3cf70e} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 5336 2d8e043e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.9.1384103464\1392765327" -childID 8 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5be92745-d968-47d6-b456-2f05a2ecb8fb} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 5644 2d8dfcf2658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.10.2057891220\1956865312" -childID 9 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfeecf40-418b-4396-984e-6b727d6d471d} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 6036 2d8e092c258 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.11.564309737\2095943231" -parentBuildID 20221007134813 -prefsHandle 2840 -prefMapHandle 3000 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0837e3-6461-482e-be91-40f435bef762} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 3952 2d8da87f858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.12.722629581\1934235002" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3696 -prefMapHandle 3668 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3e22aa2-57e5-4cde-bd2d-62ce8e50f389} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 6152 2d8db3b8e58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5660.13.1840901248\531932213" -childID 10 -isForBrowser -prefsHandle 6416 -prefMapHandle 6420 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dee70e3-0ccf-4760-9c40-8dd72136777d} 5660 "\\.\pipe\gecko-crash-server-pipe.5660" 6428 2d8dfcf2058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1108 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=2036,i,3342603821773509728,12234697128781281031,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 72.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 201.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
N/A 127.0.0.1:51070 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 163.70.151.35:443 www.facebook.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 172.217.169.54:443 i.ytimg.com udp
N/A 127.0.0.1:51079 tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6z.googlevideo.com udp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4fl6n6z.googlevideo.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr3.sn-q4fl6n6z.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6z.googlevideo.com udp
US 8.8.8.8:53 200.24.194.173.in-addr.arpa udp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 173.194.24.200:443 rr3---sn-q4fl6n6z.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.155:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 134.162.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.133:443 www.bing.com tcp
GB 92.123.128.133:443 www.bing.com tcp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp

Files

memory/2816-0-0x0000022D9B020000-0x0000022D9B030000-memory.dmp

memory/2816-16-0x0000022D9B900000-0x0000022D9B910000-memory.dmp

memory/2816-35-0x0000022D9B3F0000-0x0000022D9B3F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 72959b1d6847760fd9b25285e74bbcad
SHA1 ad4010bfe531606e16cfd14ed99525333795b3c0
SHA256 25417737638de41bd1251d808c9d344ada7493843364cb11cb58b33fafa18091
SHA512 d5736ad6de4a66e26201426dfd41aea193ff4b5e0600a13c82bb2619e6a3f7440fb8185ef85b6eaa7e4b680b9407b4e7b98f29b77b1e9447636510748350c009

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7aa4fc16f1e76ed3264ce889633799a5
SHA1 927767c7c5ceefa907a584d9d6b90e62adf26c35
SHA256 1269fb40ee4be1fda2d94114fe8392fdf3bd7e4ead084786305921450badc8f1
SHA512 01314124c0a62b3f4c80c369f8bfd7abcf3906b43704ef27acc10f351db00e699eb8773b5ace764a2ad0e265c9aeb8774b8436d26fdea398116fe06761d552fc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 50490213b2f32bf426f3f6ed6032e7ca
SHA1 a3fbde2fb348cb73239e0de3f0ed01e7676075d2
SHA256 969fe01f22025d86b00e362205dfd7691169991e423b543d24a5b7fa6f004b01
SHA512 f9a571a970432cd96b97a6388dcbd610d2a4dfb2fb21d4d2a0227e5c9614fe5a608024c7e6233b547a4ec97dc728281fed473f06e565d4ba3a69abbf637ddd7e

memory/4480-111-0x000002496B360000-0x000002496B380000-memory.dmp

memory/4480-133-0x000002496ABD0000-0x000002496ABF0000-memory.dmp

memory/928-168-0x000001F1347E0000-0x000001F134800000-memory.dmp

memory/928-172-0x000001F135020000-0x000001F135022000-memory.dmp

memory/928-174-0x000001F135040000-0x000001F135042000-memory.dmp

memory/928-176-0x000001F135050000-0x000001F135052000-memory.dmp

memory/928-180-0x000001F135070000-0x000001F135072000-memory.dmp

memory/928-186-0x000001F1350C0000-0x000001F1350C2000-memory.dmp

memory/928-188-0x000001F1350E0000-0x000001F1350E2000-memory.dmp

memory/928-190-0x000001F1354A0000-0x000001F1354A2000-memory.dmp

memory/928-192-0x000001F1354C0000-0x000001F1354C2000-memory.dmp

memory/928-196-0x000001F135600000-0x000001F135602000-memory.dmp

memory/4040-252-0x0000019052900000-0x0000019052A00000-memory.dmp

memory/4392-253-0x000001FA2A7D0000-0x000001FA2A7F0000-memory.dmp

memory/4040-256-0x0000019052AE0000-0x0000019052BE0000-memory.dmp

memory/928-268-0x000001F1365C0000-0x000001F1366C0000-memory.dmp

memory/928-276-0x000001F135620000-0x000001F135720000-memory.dmp

memory/4040-306-0x0000019052AE0000-0x0000019052BE0000-memory.dmp

memory/4392-422-0x000001FB2B5C0000-0x000001FB2B5C2000-memory.dmp

memory/928-439-0x000001F1394E0000-0x000001F139500000-memory.dmp

memory/928-441-0x000001F139D40000-0x000001F139D60000-memory.dmp

memory/4392-444-0x000001FB2B5F0000-0x000001FB2B5F2000-memory.dmp

memory/928-442-0x000001F139D60000-0x000001F139D80000-memory.dmp

memory/4392-435-0x000001FA2A890000-0x000001FA2A892000-memory.dmp

memory/4392-449-0x000001FB2BCC0000-0x000001FB2BCC2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 7d7b7cc93be79e50101f2871a61727ab
SHA1 8ab93b94db7b6dfb824cbac5b025ec1a748bbf2d
SHA256 718b5783d87ade4df70d8216b116ed0a56da5fa952072327dc693990f5905bca
SHA512 f21c8f847de8a05d5952b452f84dd369c14da991c1fe250dc4afb294e6c29536066358044dd6192af4478319a506e37c65ff1725679b3662ad85466ee8144948

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a307c4d10deef58f68f1bf9c62c0af5a
SHA1 237334e2678c6b160ec527faf24043383d301ebb
SHA256 29b2abda311bcae1c8b6adafffd75284bd06dd44195420cf9540804f62923a24
SHA512 172d197a72f0d4e4ca371d7125dda2918cb9d3a743919b31527300afa7a272092074bd023c5319ab994221e44f1f47f477efdbdbc467e5e53065f984206e7b95

memory/4392-526-0x000001FA2A590000-0x000001FA2A690000-memory.dmp

memory/4040-532-0x0000019052100000-0x0000019052120000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\74GQBLXK\accounts.google[1].xml

MD5 3ff4d575d1d04c3b54f67a6310f2fc95
SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 253df5f0fa9d316bc984fe64498f7dd4
SHA1 74e1a85025594292ae781bcfda81e3a6c4427c66
SHA256 3e04851f5d5428ba5e30682e0b6385d210ef30cb0023003131fb63544659e5ad
SHA512 f535aa0d4b43e6434941482566b0a17eb1a5bbfbe3856627b1380470a6fcf78871ef82ed782c26b3455479f6153db9cd2fdbb8396e6af0299a83f6d2a796a25b

memory/928-624-0x000001F137180000-0x000001F137280000-memory.dmp

memory/928-648-0x000001F1237F0000-0x000001F123800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M32SEJ06\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 f99073a902798fd84be760a58f75d1be
SHA1 5f92eb22da33b1decee029e4cfaf7dfa4281ea82
SHA256 29e58232891f79fbf64ed8b563b7b73ac17de110c3a5dff5a0beb4723acba8f8
SHA512 f03eae5f18ac86807ff7a2ba6214eefef050e827f35a6d5f09057d56ca1693e5b84b121d26e9e841f267ae108289ba889297403e1e523ecacf20f93c95d6fb62

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ULUR8W39\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\sjr3w1h\imagestore.dat

MD5 e482ba657984fd1ac6ae656aec40fa74
SHA1 a54c3ab6c1def9e59ccaadb17abe28028f4641e0
SHA256 2a0828014a8e097b55d569a21e97c39021f932cc85ebe5fffef7e42baa345524
SHA512 34abcc31bb640e2b8cc1abf17f399d92ad212414e81dea7121bfbdd15539b3f9ef8f68351aa2e249bb7551e3c41114243c53463abd54d16244cc060296d0175c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G0BANT93\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXNK040U\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXNK040U\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\333JXU7Q\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\333JXU7Q\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\33TRR9P4\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\33TRR9P4\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXNK040U\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\333JXU7Q\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\33TRR9P4\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\333JXU7Q\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXNK040U\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXNK040U\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

MD5 27de37132b983b7fac907fa7efaf7c82
SHA1 4125ee5d6d304c4e691e11f18a95f30f299321cb
SHA256 ad234deaf3f600a53da0725a32f21b3a1b79fc2113c48c7a8f1361ddde3aa7c8
SHA512 bc246cca304011ac72ae73ac1ada881673c7929ecefcfbc5ed38d1b244bfeb3167a58d5a3520734adf4fb19e72edc1137c818c7a305a916f2797433cd0637497

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 4b11f7dc446e3661eb9b58bba44ca5e6
SHA1 3d53554a3ca71b98e24591094c22bd85535d13a3
SHA256 5d0115a1d1b3f14794d198b2c6c4934c90720f98f8d73ac304aeffc347738441
SHA512 003ed225f6bc32859fa8babbdef39a8903b8e0692ebaf4db40cf60001d7ad4975cc07c90662a8923750d16ab5dc004a97d42f58982f9728dd46cc24e04e3e3a5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 ec2f01d9aca3196e5c73994be11d0003
SHA1 13dd2d06e6ef8965101c855c8017dbc9b6ec5e3d
SHA256 c30def0e854f389216f15ad27a62968d269994053067e2327f721f37b026a618
SHA512 db13f3492435fc295f7ada0c852711b6849a598f337720f1ae32c56b34e861079eb402185ed2f5edb0025213f6021e813def55b22e7fb6ad5a2e7e09302222ea

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6A5QS8X1\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6A5QS8X1\desktop_polymer[1].js

MD5 69998e173b8c146479488bd8d7fbfab3
SHA1 d343051522769f5c16586f6a67e045d830433597
SHA256 cc3eeb6e34a2db5a5b28937da61f6eb2bb56b0dd2eb1e26d0edf2f97450c41f2
SHA512 9c37ef552bec6e3d0133ad1a38ca422f2bc35aa0361215ad73d6244b8087761859f7f02202f2e119aa260dff60941caa48a3a818693952e2290408b1342cd979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2e72627e1b89d6c01130a4b317dd85b0
SHA1 240fa07775543ff9534bcf7ff03191c4365cedf2
SHA256 00949c5290c9d6ade7c60a66f14a42e9848851248a737e1457b9ce295b5ba6de
SHA512 66f6b6bfc17b295848a8ef9104f1653fe79b4ac70132aa1f9b3ec9d677f582672f2ffe08aa293eaecdafd2657d19efa27e89a549234eb046db4f9ad5446ee090

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_5484_GLTFCPKEJRAXVIZR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aeb9a38b355c5467613d48e220c4dab9
SHA1 b0d861cb8335013a3f9b74d9ec98f5d5385d256d
SHA256 c573a8890259df25f68be3eabd49a8dec3f64bf349c3693d43f497750a307430
SHA512 d3731a62b239ac378cb3b2ffa8b7301a329124aa7e194459fac23a587fb0f0ccdf5ed521f75b5a3ee0c57e792ec0079a533c468a442b65b6354a1e6c77a5d2f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f2714ec18256e853e8d876d5bb9f5da4
SHA1 6338ec70a3fca803599e90be3d25256bba2d3ab6
SHA256 2b2d09bc8e8454524e3625f95e7b1f752d3a3035839856f35939b907fb45d1d0
SHA512 74b7197a1753e5c01b8f8ab191ed533ddaa285b0c8cf9828db38bbc3237d60048e44722781b6189b7e29f8dcb88bc8ae73a9b00eebe04dd2a15b07623c6e708f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 403bcd4b6666ceca2f03e7df5c72b6f8
SHA1 18425a3f94a7ee4ce9b6c7da356a56d2084a3f1e
SHA256 3d2dfb87380eed8b4f9369cdd6ab2a49e547986b5a05f765770b3687425a7094
SHA512 1e4011ba968a65c46c09989d474dffe8909c81e7cc628af5b272ed7538710cac594aed88160f15208d3f1bf985477e341cb698794320b03fe3fa2af77cba6ee4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 75389e1fc505803d0bdcda09250f280a
SHA1 fa0e30c8a279573af8404902ed0932d8b6450d7c
SHA256 ac4db6ddb48fd91cb050ad996000be4f5ae0d073257df2d8d888e36a1896665c
SHA512 143cfd496860edbaa516761218ce5f58b2c662649981c0365624affeb7db89ab7de0c4168485a76f55522cd5e20b42bb8a98cafb7cc9e18a98468df10790384b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ea60.TMP

MD5 c485d98e61e3a763cecf2a4197bfb995
SHA1 2f6703e65a2d2ceb75e0e3ad78aff8b0127668da
SHA256 45c2b2745d6e8f53a6132c1e01015185e31105c9ab7d79c7fecef8f77ff36798
SHA512 c8a10e9d0b1efcfc6cab720aac6316dbe2d7ffb5496755878039e85323a04ec03ca1c33fc42b1614bf849a56259768b5c91fd4bb0e9fa1115a08c23115e15f90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5472_2135592916\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\db\data.safe.bin

MD5 05d8f102d274ced7de261bcd90ae9ea7
SHA1 f5578c72b0f927b465352251e17b488e17cf17cc
SHA256 3a32d19405d0da2f215820549e67af9b5ae37a50e1667a2bcb336044c571010d
SHA512 b6328d34b69af7f9584fe4adf302c60cf73ab83eec0baca432e9b21a9bd6f9047237ab7a74a084a9a766db6e357040d312d20edaf57b51078bde03de59ce3ab0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\datareporting\glean\pending_pings\c3e7f8b1-2eae-46af-b006-d88f57d15a18

MD5 e1e80765cb63a0a91f0a53c5f0a85426
SHA1 d1e01aec80a66bfdfbf3439c240579497c7d9121
SHA256 f424ee3bc68a8d5dbfeac00b3636af3b3398fa86ee299befc1b8ef5544bc5833
SHA512 c9f964362581268be8b83b68d8b85f9ad02c8d2d9da006beade2e07e2b8cd37a897d83e64aad1913802b11ec509d55cc966bc563a600436d669322e2485f5926

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs.js

MD5 daee4a1bb732c7d729a81fd956a186cc
SHA1 1038263651b182afd71aedaabb81f11b96ef4add
SHA256 76d41dced5ab51eaf7aae74a195eabf93ca13f8fbf996a3b7766ac41a10560ca
SHA512 2b421f0fc7025b1e2b2022faf9200c3b88d7672a34922834434714550620da96f89af39a5006037e193932dda311b7bf652fcce9239e657e4f000159c0000459

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1615e83b7f0144f0968e99a479e8c349
SHA1 314cd7368d02ee1daa47ac89cacddb7e97b15e3c
SHA256 e32412d4da764df2fd875e6fa8e98d4b0c8754ed52ad162ebb6ae7bcc865bf03
SHA512 dd1bca79b95e9388ebb5cf6caaa819a69fadd66ff7e0755ced98b145c9e3b850377a25ae9ad32a61f5d6663ba00a840c9bc19607f0d7da2a355b1c099f6df138

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c0d3debbfa08f2215bd5cdfd43a51a7
SHA1 8e0c39064d6382a0182ee5ec76c1b6fa963d21be
SHA256 43275a025706227a9b687dff6afce1d7d6c4c751b4e00189427a7303a7da3ace
SHA512 9806d1817d1138851d750fda2a8ec5fd3dc112587fd3fa7feb3fcf23626a2f47688b5ffce4ed8aa3145a1a7cbc9436086b3edf945df2a3bfda7da7e6437ac639

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1898fa0e106ef6e19153e5a0b774dac
SHA1 b4684bee86a1114c370147e578e921dd134685b3
SHA256 8e8096178301698a914c37388423da9e92ee3e448efade07a0a02b8b90c4b8d3
SHA512 ca436309a3c94fe23f7bcf92612107b6aa0ab50ac54a90220ab5efa97bf6f64f5ad909ba83f6ae102b134a3bc46807b0e32ae59f923e43a9d6020478db35cdc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5VM7C5G7\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0695c37668319d9def11c5fbe3fc403d
SHA1 fcbe272b2a8f6d68c11d5fb6da5dc84adfc6d108
SHA256 d38bed086db0e6c969cc0aee99d8cb8793e64f9dc18bab1df55410cba388cf0e
SHA512 5751ef01e9ef07e032be569bd90f61eb92b9deeef87b783b0f95bc38cac6bac703deaa317928d9b7375f848ed4e9e763e446a9a8e3745176abfb1f515ac2b224

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\cache\morgue\138\{f1a92e42-34af-4261-9be0-cbca1097678a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\idb\3681744724yCt7-%iCt7-%r5e7s2p6o.sqlite

MD5 867dcc9dfc9dcf746ab21a8d34f44160
SHA1 f0512ec1aae6b3f60d5df8cf5f3ff4fa49ac6086
SHA256 b47a79b3ffb54fe8921750d0768384b46e38f894901aa1cba28f5f03c3e59f1b
SHA512 3b04fd5fb5562dbb913afa562dad8dff5bf3e8bf53dd94f0bad0118da9d417b7435ae5c77c247cdef2318e97aba174cb50d1a0f731019da15e4a0073caa1c67d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\26ddf3bf-3fc9-42aa-a270-e4db4a80da89.tmp

MD5 8b42c712051503981fce9f067e008124
SHA1 5d3193b62adcc95edc1dd311654f5304d80b5602
SHA256 8988a5f2f47296be1c6c944ddbd085786184dbb8575c2325cf8ca0e284aa379f
SHA512 fa9870839a898549a25a7fb7a295b4aa3563b78234e9afa7a7ee21356b9922e4899fa6b50a7270081ffb0f9df2bbdbaeed40ec1819fa9c240b605e293b8f7742

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a7114757cb1ca23bbd1c9b9f24340ac9
SHA1 f3784a4005253688b135c3e58133661f722130e3
SHA256 377ea6f62c40b5c08d53d74e6719ae4bcb5b808545b7566c3cfbe765fd59d861
SHA512 2007a8a57317b1af3f9df08064bd8ebc76e5fabea357ae2444f2271f000fb8f83d006ddcd6b76e5e5198206a88fc6794d1889aa75819e2346482f3783d5e0209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58391c.TMP

MD5 3f5826fbf1a23c5b5c950bd69d0dc0d9
SHA1 d91c684765264e05e4d2c575e0ac53d2050935b6
SHA256 1024d325c85ababc6f0e1afda2dccc35ac10b3354bf451fcf6a06e9c98360d26
SHA512 d59800704640459ab969797f48b791673175627d4060c55b5482104da4a86599a189ca8050d83e565c0f2b9fda02e9f562d5e26f3349e61bb28b7ccf2d3e7609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f75793b26c74c7811ab7f91b940edfdb
SHA1 5af3f48ebfee4450171a4f5a70b629543e87f18e
SHA256 f3844b4ce78d496e4366cecba49f0a80a8834235f8a38a7e56b4c87511a14c24
SHA512 f17ab2e6b5c51cf4490b64ac55ce21d7d15b5548604daee4f01f1764f285b1644055308a3889a8a80e2eb81b23a0535d70876e3bddd71bcc70fd6d7654492520

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2d7eefb0-075c-4af2-bbff-18bd29806ed0\index-dir\the-real-index~RFe583e8b.TMP

MD5 d800b6b70900d348f2177da69dd5acb1
SHA1 4a710e47fd2689a47f22cafa51cbea8127a25e83
SHA256 11cf54e6b98ba6a2976072fafacbd5d939942c22b4e94e5b5e00af082da39c9e
SHA512 eba06e1c66d2c8d6adb5d8420d9fba0ba165243ab1742996c4f4057179d02e0eb575e4ba404ea6bfc4cbb58b2eac098c350166fbdb39ae808026696d131f51d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2d7eefb0-075c-4af2-bbff-18bd29806ed0\index-dir\the-real-index

MD5 51c15d4e65cbf05c27dd072863d0c534
SHA1 9cf80a87eefcd6ad1f488fdf54babb5830f4696f
SHA256 72170dac7cd88289a9e21a773ed0f7c2226ad593b90c2412e60891fe24e1023e
SHA512 36ba51dd053cdd460b7af9d18892b379326b63b4df5dab15fb0219fa060c80a0a28c1917c9744b0d7504e3f700d7e389ee4af0593ffd598f8b072bb1721a77cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 692d856a4aa7d45efaad9f41314fafed
SHA1 55c9b33dc787060b334fefb9401fccece5d206f8
SHA256 93606fe685b2e04fb2bd1de0f8e7e26cb0e7a489539b7d1a5699f45919ce850e
SHA512 e0c848603280b0b9f769bd341b566eea7f18cc43216b94c33088574c038856a1be948d62717dff9efcfd53d3db46a2490e28e3fc8fc8be42875b0637b8e50de4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\cache\morgue\219\{550bb4cf-91b2-4410-8a57-756e973ecfdb}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\storage\default\https+++www.youtube.com\cache\morgue\52\{f8418a34-b16b-43e7-98bf-172e182e3f34}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 94a4af22ba543d84e8201b573b04780c
SHA1 cab4684881deb65a38f0d15edec865bfb02900a6
SHA256 4f4076349d943aaedaef09d287994991f7d768cc5f7c677f5de624033d81dc93
SHA512 788154f7d81444bfff939a3902e3b86f344b6afa5ec1f3d0f4441becbc28ae49a63300c80cc7d819fbb390495cef0b2141efbf8e9a2ad1e4d104dcc07cfe1a52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

MD5 92276fd8909ba8382ca770a8a9e28f1b
SHA1 5df6847c2f811b73e99346df17d5812cad9a2e91
SHA256 5641f10b51eaac88baba3e18046d43cab111a9fa32302019f54b8fa4fee1bdcf
SHA512 a5267b915e4424148a7eb500f03038400d03cb2301e9875d5dda80d9455b49520c3d1f7027d24c2849f14d29a79358b0c2da679444f4c81fed1835c51daa9a8f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9ef0fe9c59c7693c0c38906ecba41ca6
SHA1 f1fd0ce111fd5694faf812c4576142f77a3eb30a
SHA256 8ebbbd78f8d641bb521bd14ef8bf608603ae2038ae0036c81b45d5ff1ee05db6
SHA512 c5c54825d22c5418745574f040ea0cb25bc87c6d61c779d6d497584668f3f6ef7b7d2342a806021a14d4aaa5efc098181db909852b54e39b820d36a7f7702460

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PY5RQW3D\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\prefs-1.js

MD5 0f35fd71392f7adad66c045cbce8f880
SHA1 4c2da6fb1dbfbcac8ad058d6c33d9a5a8fc3dc11
SHA256 f82383fbe202bad3084ecce2cc25a7a4723953ec1da07f1cf287b6902cf8fa19
SHA512 0d09bc06ecd442749e3e497f63a827034090a12bc2f57145a4dc0a8337a7a1617c488a63d4cb8fffb637fef9258ab8a5635878179947be81a4ef23babb85d1e1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 85ac1555e4a270c85a5cb2e0e1c99cae
SHA1 5fa87cf6e7a2333d2e3fe1de406695bb58e5e9b5
SHA256 2d043c1042b0ce3da7a4c2eae51a52ad75fa0c231e67e1e205694da73305b01e
SHA512 b9e70270559d53ae117a4bd02544da4f2d7079e0ce3ee6960835ea0ecea595d8df3d06092dc2c9bb01f2e6cf0f8d45c4233c5840dc889be515530c1487c57410

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r2ik7u9z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e0f79f41d33de2a5a82099d60dd476ab
SHA1 b3498c98a9dfa6f18219724c6c2213a2f5935a77
SHA256 6b70039d35b43b71bddde8f6a1bffc33341d76b243b42fb31e51585d5d8a5c18
SHA512 553767abb5763ac27dc54c15e66dace58f173ad1f0b8ee022744a5f8b4673537afceb0793586d0d0e872746cd856b00b5d4b9394b0004d4406b56e93ad8a5797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d2b29fdad5c9000ec9d7e1af881613ad
SHA1 542fbe05f80e198dd49847f4828164af06a4eab8
SHA256 a8d088be8727dd159b5d7640e961234222a198e7160356d54aa94e2a5399e629
SHA512 97358531869324c2e5d79f8f089d8d374d7b18f76be5a342fbfe188f125da49beb1301c17ea733eecb5729e322c4b6cfef3b035526900f68d4663ff16db2487c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 745c93caa5d91019c15e2ca7769db81b
SHA1 55a75eb9e52968340423861d844cea59dc348cae
SHA256 d705374f3ba2a5173a0fa667c98bae3204bd8d01434d086f4328457e83b3ab70
SHA512 d5d5bc1214fa221af9464d120f660f49e16e993d17783517814f26268ff2835d626cf4643cf3e74623f066f8968638a51fc4acf7f8c9d1b6eded79b6f6db8db4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87171e2ddecfbd434799247a63f19701
SHA1 84cc65d0a018fef18fd3f3f8b543ce5a2151cf80
SHA256 22e3d415e85694667b1c64e89417b151396a4ce02da720bf90665505bb01c100
SHA512 0d9e5d2615e6e31462139ed1c944adfa123a107ec51f883e45ec22318f2f1bb81822b682903915a2555c4b5bfec441a2f0c8b1085af46c6eb9535e1d55e3668e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 08d10586876b05b6ae8b2271aea1487c
SHA1 2c25d27197fe99d449a8b3d7a6c3a13feb656dab
SHA256 0d35f9fc037a2c772bfe3ad27e1e0d8284372c55490a49722dab3e96726bdc12
SHA512 6ad5ba07197e3f82ea13434b70ce6a95af3f1f6ec718e73de13550a10b426208d6e3069bf0717a8645680cf86563b84c914575dbbb5517e57a2d77aced0134eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f01196a39a9f11f10c6a3ebe3b61b933
SHA1 bf73a5f464d587932ff08ba309fb2607c51b871e
SHA256 3c7802970e3a84f9723cde14dadf77bbab689eb03179e602c2b3ef3a73ee1783
SHA512 858bc6aa47e071bf3b5113a0be9af669a5e8803bcc5c8521a1f9dacb8376513c34870f1d856f4ecf4e0018477ed9123d6f5d006ef09b2d835907408fc25e7c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 81ba4ccc2256f364328978398b5fc01c
SHA1 109ed314cd09a910f21da9bd1f10c3d8f6665f49
SHA256 ea39ad25a4119ad19840093051fdd06032ef8fcaa17d6c972b64d8c18ccdc0c5
SHA512 6882c343682865d23428ade7a77047b6855a1f3a10187d4c785c6f71258e20adea22e3938acc46099ecb8e74f4d83bce5fbb115bed4962993555f7a7010facf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5d74d8f0c62b286b3dc983a5dac3d4b2
SHA1 f20d302b1ab37259d232e76f42b51c382bd0e8f5
SHA256 ba1d97b8b879eac133ac513826cf3750cfd5766452e6f89ac47b7078ffcb2e7d
SHA512 5bdb80bc142a641ca3d7e5d14afcc2cc71e4dd3279c8ce22bdb31b528b5a33bb737cd835db59674b0cd009d7c737ff2aab89a2f3c4b70f8e61254483c85c3a3d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 b2ee14413b4733b8115c6c7d369c6410
SHA1 0266c129c0ac80dac7cb90989901cf9a9fe9f228
SHA256 c9cf9d6a911eb308be4383df3f8b08d3f4f373a9b20837c1e19b2f5ac818961f
SHA512 1558ca8c520b660cbb9cc05a0a973ba3a00b51feca0148e0d6aad8b2df83c08752f466b4ddf10e5a5725649acb0e28da86afd97ed7692bb7681647ded2e3be64