Malware Analysis Report

2024-11-16 15:46

Sample ID 240219-abtejsgb85
Target 9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22
SHA256 9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22

Threat Level: Known bad

The file 9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 00:02

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 00:02

Reported

2024-02-19 00:07

Platform

win7-20231215-en

Max time kernel

128s

Max time network

280s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414462832" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c003450ac762da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000019854fe810cf74a84e44b555160cdb4fd7216b50b6ca16344dd9e3bdf5799cd4000000000e8000000002000020000000fd2cebff2ae67b5e11a36d09ed70d6f0c10c682956b1af9fd46c59e8fb575a0a900000006583fca4b3dc97186cafd3e763e47417c4bd1c3302b30bc014b40c29c056e6a78f11a43eafac390676791488676d0cac4b36ed9fdea7085878907f8030d4f6036c28843a4c63725d8afc9812273a135452887d70a264787a69b8b346cd4c6e71e5c19c1adb7c9d94fb5b8332c6d32ba1ddcd39eb482e7380c2d09911c5eac442c72ce048171eb202f3339aa069cbfd79400000005ff21ee5ee1eb55305421eecb1c70412e98a92384b38c37ce62ae3641d634a25cc88cc2ee554547aa02c226773a5e0e57242fc7d8d514966e6588e9759aaef9b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3476D511-CEBA-11EE-8E99-56B3956C75C7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2420 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2420 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2616 wrote to memory of 1520 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2616 wrote to memory of 1520 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2616 wrote to memory of 1520 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2616 wrote to memory of 1520 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2708 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2344 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2344 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2344 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2344 wrote to memory of 2516 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1864 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1864 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1864 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1864 wrote to memory of 2564 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2420 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1964 wrote to memory of 2464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1964 wrote to memory of 2464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1964 wrote to memory of 2464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2620 wrote to memory of 2068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2620 wrote to memory of 2068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2620 wrote to memory of 2068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2420 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2420 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1588 wrote to memory of 268 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe

"C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6539758,0x7fef6539768,0x7fef6539778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6539758,0x7fef6539768,0x7fef6539778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6539758,0x7fef6539768,0x7fef6539778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.0.638662016\1527804689" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ada8324-3f3a-44aa-92e9-12809f96ebf8} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1296 117eb158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.1.1518196782\1997336265" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02b45415-880e-422e-a4c7-9ffc67e96747} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1492 1170c958 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1296,i,8028250116660118000,17397033983760134563,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1336 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1296,i,8028250116660118000,17397033983760134563,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1344,i,6913705187950104235,2112854367750539950,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1344,i,6913705187950104235,2112854367750539950,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2612 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.2.1498383947\707771973" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 1936 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7744e7-7e06-493a-be9a-205ab53ac1d2} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1912 19dd4f58 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2648 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.3.693757696\456166116" -childID 2 -isForBrowser -prefsHandle 2592 -prefMapHandle 2576 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcd700c-93e1-4820-bfae-2d013a46146c} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 2604 e62258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3420 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3424 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3744 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.4.1848943390\1750688207" -childID 3 -isForBrowser -prefsHandle 3616 -prefMapHandle 1108 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97d6168f-4f37-4234-a09c-760ab3d0cc84} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3756 1f321e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.6.1683332823\1980534082" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9391116-3eb7-4f7c-9968-2e1b900f4be9} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4016 1f322458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.5.354262481\2071097201" -childID 4 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff7bf47-1059-4b64-9a74-86f066717fad} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3852 1f322758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2264 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.7.21343502\394952548" -childID 6 -isForBrowser -prefsHandle 3900 -prefMapHandle 3920 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db229c0e-0fe6-44c6-8787-8d9a0c9901e9} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4272 1ea98858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.8.1130466704\98421604" -childID 7 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff9d111e-817b-46b4-bb16-fc7dfecdd9a6} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4288 1ea99158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.9.847123651\264474548" -parentBuildID 20221007134813 -prefsHandle 4664 -prefMapHandle 4648 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c94fad2c-27ce-4f1c-b1ff-99e2a4370162} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4676 1ead7a58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.10.346217597\2059206423" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28573fae-a221-49dc-8f99-6068348dca16} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4804 1f1bd058 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.11.320909150\1893377011" -childID 8 -isForBrowser -prefsHandle 5080 -prefMapHandle 4496 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54acd6ec-6013-4b84-ac70-b8360a481b31} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5076 2278a858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x498

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1220,i,8434177316629643646,5777472337515999670,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 216.58.212.238:443 www.youtube.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
N/A 127.0.0.1:50127 tcp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7l.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 rr2---sn-q4fzen7l.googlevideo.com udp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
US 173.194.140.7:443 rr2---sn-q4fzen7l.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr3---sn-q4flrnss.googlevideo.com udp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
N/A 127.0.0.1:50151 tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons5.gvt3.com udp
GB 172.217.169.35:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
GB 172.217.169.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp

Files

memory/2420-0-0x0000000000300000-0x0000000000301000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3476D511-CEBA-11EE-8E99-56B3956C75C7}.dat

MD5 e751a5999d8d29fa48a07554777d3ccb
SHA1 9ecdb13c2fb59b265d9c492aa55e6732ad1e67cd
SHA256 914ecbe70be92ca93983a5b55f429c8fa210019348d592583047d9634aa75fed
SHA512 134d3e2821056bce7aee3d1f097f9b9adb11baa749573322c4865d2bb765608c41ae4972a5ab5c7e2b230b762613b49457459e59f6af8ebc59a86b0f46511811

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34744CA1-CEBA-11EE-8E99-56B3956C75C7}.dat

MD5 d2a3ee6f32bcdf78eb4ced756935f340
SHA1 c1a5fe054a771926acd8b36aab794d6e42f3a0fe
SHA256 c312437306bb696df90d507c392c92daa216ab57b0893af5164d6215584c8e1a
SHA512 a69064b59a59148adc6f8d7da27d8f528f85e1c58e4c8621cdb5b58386cee5b2dcbe520ed4227c5d956ec14099c3a8ea58313f0fe070602e4ca152e3c2c3d267

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3476AE01-CEBA-11EE-8E99-56B3956C75C7}.dat

MD5 11d06fee1ec501317201b102e6c249b0
SHA1 8e95344d84d59174081a33c2a097a42a5a6cd97f
SHA256 998dc8d52fe2193b6c5422cfbec81fff85abe8e5b9b5bea58aa388faccf6f779
SHA512 d0e2ecc0fa434d18d30e2cfebb613b8fba874841c838ef024c3158157b114750b65cf3c42d0151f55fb2ac7aa72652ad6d3176eb3e4c415487a39a9461f21cce

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{347473B1-CEBA-11EE-8E99-56B3956C75C7}.dat

MD5 3abaf9371ea10b8c82443dad9cf26b7a
SHA1 ac2323e95226b72779129cfc390249b4a65a3e09
SHA256 d0b3eea36161a9f84de1cf7018011222762ef4a5c2db2196bdea1042ff309da0
SHA512 1b982de0ac62dafaf06459256f552b2dad8421f2df2eac0933979ba15612b75c8a6409f6c2f2d04a3b68cee4c897fcece24111c7dc00e23f0b8a16826f6afccd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ea6a392072559b951c4a4009344b6ca
SHA1 1a1a7cfd70779302cf8e7d40605cd21cd076fd35
SHA256 3cb562206623cd0e2aa98fa55fdb7b7a0465c89c39fcdf1937e33138ea074bb9
SHA512 2857e2b098df78f0e4a7d31afcd60144a513b5b625326a2583b76026911d546dfb9faa3458a02797ab3de9581e30f0f4a25634316ce16acaed1f188b37631823

C:\Users\Admin\AppData\Local\Temp\Cab1842.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1845.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 048acf312299393cf89ba735765b0d06
SHA1 f0c21530e1f6c6e6c2049939338d7a3724837c40
SHA256 afa0b5361e857e068f05ab331b98e47363da139030dd0c4393ba853f37165ab7
SHA512 0a1991331cbfb1ad64cf86bce6374750d32e8cf95da37b3535b809c4dc9e61ed19f897505b0346da4116f4e31e10642e361d7acb6a9bb05fb2e85bb5cdd9fa45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4e95ba3ca13b6e8f57b6ce4be1466efe
SHA1 e567e96a303d263f4f3542a2ff034a75140f3668
SHA256 74ba42248abe9d0fc54df59fbdca265b1ed620905571b5ca477eaaf35448224e
SHA512 2d7c9c384afbd8f4c2c5571afc43659f8c192d05955d7340d22b381618708a60210fee11dc31da766142e6596e5de24b51dfbbadbbbfc6a084fdf47ac632a8fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 995a70c6346de9def11ab467e0a0e2a7
SHA1 4e898dc0bf172198ce1832ff7a20eb52aa16e6bc
SHA256 881499e8ef8c64298411bbed63361aa30f809407a48de278c0bef297d27b3b4f
SHA512 33e68cb76dfbde5c34aebcba70c6678dedaf3068cabfb7ec3eb5421adb587559b7acea96424a80d90aac9964530335abf7d924cb7fbbbd0e8f5e78e3318e847a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4af5ce3d32e3126a0d199dc7880526e0
SHA1 32f6a1fdb378a0e2f64ea59b0a78638be74b8e98
SHA256 d52383908d22a11a5c4cd355e4d7cb6aa19fcf961d1b9d702783cd3ec935b010
SHA512 294736a801dfedd18139abb0a6a7a832acf8dd59c43dd0d599dea7dabf9ab40f9108f7cefc74bc294113d607e792799b98d9e5cc84ede5f64dd69acbab5de0b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 8312a74142bc281831e22eaa0eb464bc
SHA1 471ccab7d1eff3b004fd1151e61a9efce9fd3840
SHA256 93f6b653eb24daa59d0a61f36acd6f63fabee4e92d028716491e64f7138bcefd
SHA512 b79764242a7424f4ba3cd143aaedd624aed21a738cc52bf4e6f90452d575e99ebaa53de73a3eafe07fed6c4e6c86c146642393210cfff3ab8077431943fd40dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 fa3fa66b38fc266a82f539bba8bf4ef5
SHA1 9b6c8c76b9890d7be6b99b4e4faf0ff29410457e
SHA256 0b0d795c6c5b1aea43c53c8dd0dea9a6f50a9b76ebd4e6790329ece1b9cb2a47
SHA512 3961fe13c0f2f6851cf6be59edda1ca57d3f161c673ae7f09db73be1acaaa27c1846e8a01943cd16aef782f14c7ce4035750e1a91211b4b2c31e037a5e7e51b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 c68c87538e5559af49cecf25c0750272
SHA1 92bf5997ab1e55cbc6dd0cc2cd8ac158cf0a8ff0
SHA256 90baee47800304ae495e2524ac0fec8faee58a8814f60f82b75fd9606c014aa1
SHA512 17aec964a7925c0f6e4fc23e73f0df796a3134fc737d6d6f6853438daebaf42725c37cfde7c04737d9d0d631e436ff7edafcb7418908e1f8e9da8c58316ed455

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 b9bb01e3788204e87ffb69138c23dc91
SHA1 f3d0fcefcfe90d90ec7351384af5f4d964c422b1
SHA256 ca099686336bdb73a7a8788c1145f53600e92bdcb972514788326cc1526fc82a
SHA512 f6570fa9231d8df6577f8134a156272a3722e95656c32f01bfd9ccd16a10aa797ef4b27c58ffce0fa0d619ed5a8fa2c2dedae2f5875a5d869544eb182dde56ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 15adb81b20112ddeb523f2174176b76c
SHA1 5c12f39899d795856c611b3e8f9dda7a71b2492e
SHA256 d61b2fd08a87efa12d013d0d6da8e25c16117f77f5e1b113bd31549828e4fae3
SHA512 bc62fa827ef175fdddebac47161270511676046a841c56983b0a10988b3ad399ab36e9cf68924563ec1264a748512b064793b7c633b1425eb56f71c3acb70f0a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\G02JL8Q9\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A79XNU5A.txt

MD5 1e6d2a2dcdd1d38bcf3783c61b084c49
SHA1 ef0f8401edd02cd903605d83dc43f7a1558d5bb1
SHA256 16673946dd968a224a03c46a7904149f0a1fb83760c1506c02ddcd80cba454d4
SHA512 a7dd914a321d539768245e20c753624f17f11116a7a5d2a817ae2c75baec7dfa71620953169dc22d4d0b2e50dba9e3da98a2694d2e56b086fd9993ec3133da96

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 190e5509898f2f5c5052a64b73c1eee9
SHA1 9b333c1e55f51587be3874d97cb9a913aa9409c4
SHA256 d3e4c5731dd467ac774eda8d450c3041dd7f65a0acb808ab0d41f4289f04fd6d
SHA512 3fcc27b98c93b8126f247825e58ac62feb1dfab6d1721ea579c36e189a3b70e5c5a2a0b03ab2e25969334de7f5cd6aab57186872c719fb80097f2031d374485f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 ef6a4527453f5ae966d5ebd8208ab703
SHA1 61388d0d06d2f31c4f648a030d3794985a37eaea
SHA256 caf6e49229bf10d5365c4a7a241a50e9bf614d7810bc98e6afc5c68420cef12b
SHA512 a7901ae05017fd30e8752a572a1ed5f27ca1829f82b2d6430e6811292dd2b0b5030abee8b696ba5d632faa6f2f0bf86357360f38a7710ff14c77c9c59f5882b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 fc31eba970babcbe4fb841cd63b60f5b
SHA1 8bae9c1c2c6c9318daf0bd0f1c9c51113de39766
SHA256 2cdf06d7f75f8e10306ecac19977547ba3fd54212259ed4df6cc432a12d808a0
SHA512 519dc1cb87c2f32043293cec79d5dd010c3b09b53e3d4ce1965a3444da25aa41e1758d42f08d4122b7fb9f84cf21ac1b8f28363e5fb35b3752c07c8a9e5c2431

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64cd2abcf77e1b3a34e7a62bf1ea8dff
SHA1 9af3ad13f109199869be403f5afceaf04a7b17c8
SHA256 5cc1ad4f29c78ac4b1e1ed8d2c1fa642cc8c6a75168945ea9ed258dd44a18517
SHA512 fe85010bf0f4ab8a6e8682f80879776f82ec19403d9716e80012e01d9725779cd919ccea9bafc8bb7ec462a5f0df00ebb721b1a733dcb3776fd5d3295eabadcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4c929fe19c24424ec5282886a19f0a0
SHA1 f9f993996b461af827fb02abaa0ae69117cf2a57
SHA256 a06c1f28ccb551de7a6445f543d3080a2cdc051647568eb20a8ab1100b112c63
SHA512 b8a6430374afa9a9825c048833531bf94d515c0b81710a799b910902d409286dd321447dd428ca88990430ef3b17fbecb7c2332f9165628d7f4237633fc407e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a7dcc839b1036dfe891ffb463cf88e5
SHA1 cb7afa590e5f516c0106697fbf16b9e5f5d6fdd3
SHA256 13e0b0cb49cc5df11b998eeb0aa42be919220c5d89d7fcfa697dec2917851b7f
SHA512 86b37f8b1233204f55a07024c60c2888a97691a86778af810ca19c5206eb200b7723f8539f3f442b24ffa08a1296c77acfe6628cf9a69ca2cf0e6dd527515b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fecec3dc082d655fa68cb7fcfec36b8
SHA1 ddf5a4fde1109c930e23f72072d079da173c3810
SHA256 76e286879d39ce9f0ca88de11ce06e8f5cb3aaf2362d828915ec6b7488e6f180
SHA512 eaddb5a188d974e534f875dcb20d6747cc2e3b838c8c718a93adc9f2264f0850165720861ce2713528ad6ee83b466f44fcd9a2c85a2fb155a2fcfb618bbb41a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f31796973fc14feed09d8a82a512a8e
SHA1 3cc0f1422e813f9e1720a72f3a5aea07686c5194
SHA256 4612ced48221ab715c7afb5445e81917a0488d6325c076e44f6362b7ed625ba9
SHA512 211a434c4d1f7482e83644f2162465704d8d82528b5cffa80d53ac49b2fbce0c2a6ff622fda2a13d3b7428b5dee8b641601345d7b46c439841c17ade49353e2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d378b3dfa8f7c7775dd82dee701e9e76
SHA1 233665cb631b61e26f393da05fdb4b193fc96ccb
SHA256 26c6a74a88d1f936c98b622fe595d99231bd234662e5052c18cd6c5768cb6e85
SHA512 716559a7ce15969c868d5ff2436d85490355f0f358494ada3c4f6c335fd290eb5bd1d5be7d8c285f71f523072cea16eaf64d91be486d5fe3ac886489e05662c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d70e00bf797c4074a49e38b83a97697
SHA1 e1b04ee8331210543589291a4802e62b4a9771db
SHA256 4c7a6480393552326c39edc9380d8f746931ebe6657c8996e00e493896031535
SHA512 f5d1ce4e8e7e5c2eddf76c1fe988f75c5c48c92c802a90c572a8a5cf91718e9fa3965d7252865f6bef984803faf40ce08a3da53ce863fe91144920d0dfb1b0a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9da7e7b027709d8b66cede7cbea47a47
SHA1 a477c9a8bbdd006f57251d728082220ec5720ffd
SHA256 765b51df56b437db8c77967d74ce79bede041f360f254085ed762a864f81f532
SHA512 addd06070bcd43b4d7bb96a6fd4f89a923d56789f81afede64d8745ec823d3d3e04ee8fc2f9b83b2fa075080203aca93918c2b24f440a7052c83acdaced2a2c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 571bfd460eb63ab0aa2124da782c0852
SHA1 1ad550cc310a8b93982e3013c9bfdcc2e4ed67a7
SHA256 5bea4bf5f26a6f05a5278431044a74907281d7e47df2c0859712e0edb08c40ab
SHA512 8043e5214f9847f31db8281c1d8765d0bce74da0a43585642e6f88b85d60637b47092f365a8d4e8280ac9efbbd810cf35a935265b73aa6b03ea137c986c26b38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e04437915960a6cdbf98d6225e397a1
SHA1 a9c870aa249893f685bf2809c784b4c49197f24c
SHA256 d195403d4cbd45ac7cdc83259023f0ca5bd90c9b8704f9488104884d8fb7ab56
SHA512 fe2c55aa98c9bc60c5b0cffc2a77ddf6d80b7e6c80fb7254bf02603a2a71a8bfdda33944986f2f49be966f7fa1d3af5b7d68ac7d8df071bf7590ca66da8e4f75

memory/2420-856-0x0000000000300000-0x0000000000301000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6664877f87a0f00a2ddeff4f3c4fb482
SHA1 2b63c85ab24903e01fc46deef1329e2ca07fafd1
SHA256 c802fef97b5b8677af9c4e7c55ee296543878fd972aa3c5a0455f088adab73ff
SHA512 3ee4cfb19cd3c1739237e6fd744903ca0788f749719f924af2db0d19cbb036989d34e534387f90232dee3a22955e4d1de1d784a12e0aeeeb17902aabb60dbed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1964_YLUIEXEOWWSHQVIB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eea3e287-d826-42f2-880f-67879b38d761.tmp

MD5 05ceec5306a0e5d93fd79e184116de25
SHA1 eb242e04592b47a621bfa4f709d856c74035ef32
SHA256 e651cced14461c5bb2156e943832837ed51f10b19ed06ef55809c9914d08070c
SHA512 fe61dd678da28553bafd5bae139264fccfa5becd321c627cbc9a581d27b6938a93281086f2f40bcbbc9df6deac5fcd1eaaf51d3e63e60ebefb855fee7c6c4220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ca440ab4-39b8-47ff-a3d2-cdd983bf15e6.tmp

MD5 73befca3a01e9d6674298fbb81d27620
SHA1 039c122f0db1704131f17444d86ed9847b6366a0
SHA256 f219c30115c9c950289305b64e5334fad5e1ef130c0a79029f6551817e440503
SHA512 6e1434339e495fa0e502c43c7f9534cad149057e5927e5ebc6f000cdf934642edcec2a1fea6a40d51dba4a9cf03a3cd8be279ed56aa2fcc2de199201c29e8bb9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

MD5 d3a2ca6275e8877b80d58753d9fba4e5
SHA1 157680ec3709a53f3e71be8fb7c484315a5215fc
SHA256 c81bdb43a6796aff23a1b72e2d3dbcb1eb02747141ce516eb46511a0172ec3b6
SHA512 cbcba989a39226da4331d799e176e18bde27511391d7604a3fa763e909c3458b87d22fc8e5a10012b6a6cc5e9933ec86ae5f5155dadb7025ba5ede47c444b2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\73471942-43dc-41e7-ac7c-fff634be88ef

MD5 9301c56a23c0af66cd073e78fc81f543
SHA1 c7a4cf42b4ac7ac26092bed898dfb081852d4bc1
SHA256 53d6f72dd14bab74730fa8db922e49d14698b730ea30455711fce7e01e1d9a91
SHA512 adb0edfccd25ba6bd1caa6688df8b6b0014a71cdb0aa1b4e0ce2524af81ca720541a43082c4d6acaf428b37d9b7c9aa0840762eacbd347028b4444f6fe738bd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 0c775cdab0b027ad439761a5ddefdcc6
SHA1 99d26fdde922ccdab7dd6a01b8f35930d574f274
SHA256 fc1dc11221e57a97c4544568eeb3d4fdeceb386c8a945bd7e33bab0c375f291c
SHA512 a595bb229d1ea6d58494ad30283310b0e6da964f22404e1c9bfc89c22b79196600808cba0ac4a6988c05734a71ceaf1c6726109165dc55c1021626a445e9551f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 169cdc6dadd65b019c7315452201d3d1
SHA1 c49daf9bba00bd3b8fee4bbdae90c614f7e82a70
SHA256 ed052909511c620648323573670b168565ead916867b3476b7076befb155280d
SHA512 a0e87cbd51132d1cf2a18a2405c56d3a7811ccfc095785b20f127c50ff9a6c697c8d36ca2247c2d46f1f4122206767e3e88534a19b7a2bf6058dfca876a21a01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 9f6aa8a0886bbdfd18f5cedbcb7772da
SHA1 01ead72648a0ca4bc8f363946ebfe7a5bff7a146
SHA256 97df3fa25e4027a19d0a211dbdf44b72c96188aba7e4f9f60b5b5bc4ef05cdfa
SHA512 73c795e1021b4947972686068a778d9560231bbb104396a1ba829f4a2240aea296f540ee2f56143f56cd30e969f7d5743cde7ad60ddaa663d427c5c6c54d7162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 7717a0261901cc14d58fe60f91c5e3e5
SHA1 aaa67953ed0e6a38b5daa8fa710e97b3496ee9bf
SHA256 23576482e6cbcb98fbec01dd6c2f49173b0da050044b0ce56dfcf8f03cad0fb4
SHA512 c59f94882a437a5951a4c4a0aafe8954b9fa9c9c14b5bddfa06e4577b3064005bbe081d999cf190a94a8527cb5eb3fa8bd9be33886563ef97a5d713911f703db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 41723617c7cc6a9b945a2784edfbb614
SHA1 e21fddf97de22ab5b4d60ccc2d71f932a6a9008b
SHA256 0cfff88bd1a5aecca3e3e9a8e2f41178e0523dcb1e89298ea4a98da9bedff507
SHA512 b1497b7f77d7609d4be2b11e0884e71ef53c8011c3715f2583bee40f34ed3a8f21498301cb0a083922d3ebd9d01c23178ac26de81a71cd78400ed3d801e3cd5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 998a158e8362d0953cc2a6536515a5cf
SHA1 0c27e971748d97c5011aa582698c1d47983fbcc4
SHA256 12535439483fcfe0f3923a282097297bdac01142847fb5f5e1303e495bc73c6f
SHA512 6d2dc78cfaccd1dd46781dace53dff0975e396a67f8173978ebae58a80f439ffd2ca1f98ccabd405d6078d81b631b7f5b4f1cb4d0c9ce4d89f169fd0bba7d073

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 8ab8c4789c4919b39f467740711b6e37
SHA1 3d70121e44f23ebda5f49b4b37d984aea0f9c549
SHA256 e1b9b1a995cfadda2c425eacb30964dfb5444391c77f7cf66e625bdafd08d21a
SHA512 858a69078367f237812ea05ae7e80bc637e7e32c33e1b2494cb2f8dbde381aff9c662720b0390a17c4d65a9dbe0b0eb7a727dce91c36954cd7cf0e349cde5a1b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e51eda7108584002236f977eb9bd8f19
SHA1 178acf6e9a55c32a2330762c22f1d69c9980355d
SHA256 4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b
SHA512 cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 4d7acec725c573c6211b89e9ed01e90f
SHA1 6b79956e67fc0c1f0665057d8865f4b721c07b33
SHA256 89840466de5020ce6d15f83632d509cddfa2f89cc6e117b961b7f98cdc5a565d
SHA512 d97f74178e072bb87132a9e5b75f8b5e99eee214d92e435453eec2ba25f2bdfe1abc5583c2455920199885daf35a35de465b33b36eed8279a5a13a37c88d9f2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js

MD5 a29b1b0d0bd22965c1c673cc326c4ff4
SHA1 0ebbbf9e98ddae7c38bb33c315cecffcf24c9b5d
SHA256 a56ee58e0d1cfaf2bcd4a7ce4b659cfdcd5f1df83745616f375d9d3f3eca9e4b
SHA512 864fceedcf6845ac84af91d7d3fabd981f3b910057cd4652c15c65ff637448cdff99a5677f921ef7ccf24a718e4a360bbfe6806af3ef9c33aa14a77f3e7a4673

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FA6E4B522C9C404D38E1A6F1BB26EC85

MD5 458d6349d9892dfc1410cf9105ff5f7f
SHA1 c151b15bbc8b42e47fba5d9931e827fdec0cae2c
SHA256 b1f11e1e230ffed433f474c650a033ea6adf95eb2e945287ef53d5d3c8b9f948
SHA512 a87f4d0bbc2cfeedccb65f92de7298f59b4bbde6ad390e31e905f48284945d6b1b875ca854b0ae7d0ed40d820e286938fbeac83d02b17ad7427094a89786ee6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f47beca619b06e5057d5dce51a73a5ca
SHA1 021f74c4fdc46e3d419b95f878388feceb43d207
SHA256 28d0cf80d25eb020b455c703db94aee6fff58723a35f531ac38461148080fd79
SHA512 3b8632357acb9fe501d56548b5d3e8d572f59730dbe754107c438e5b5296c6ef6cc28133bbf52134631f4bcf6c41472c5aa88006d485b7dcaf2e7323355bda5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769eee.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{5efa95de-447d-4f5d-9d08-a1cab76b407c}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.youtube.com\idb\1797624043yCt7-%iCt7-%r7eds6p8o.sqlite

MD5 d448a5e361e0094dd4a6f1be7a6892c0
SHA1 8fd3b91d14581477492a6a7be9232441545a8264
SHA256 192c11522f0dd05baf6eee5b8b0ecbaddcceb5b278cdddf0efb9db80348eb4bf
SHA512 298337f1e7c86ca9711fa10e7ab1ef5a3614ecc1357ee22d640f73bbae67dfa4be33425de28708a558da9fdcb1858e81a57f3df27407cdb051a5f543a6fa0ae2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1964_1823642793\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 36dc196487b1e8540e0fb1d30537b2f3
SHA1 704f0d6f9ea5a6ae91b7300fcee952c23657d088
SHA256 d0d19135171ccd69cf6baca42ca0317c47e586489d11f84cca3d20b41eca2d4f
SHA512 81862c9c79b3eae0f3642e67876b158a9906dcfd15ea067f1c91e50e803ad01da58105bc27cf99c2bbfdb317098b9ada5a897e1cf5839cba6ac1311f310f8263

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1b2edd3378701a6fe090fe1175801605
SHA1 845f4f40fea5fd477f40a912461b73d1eda806c6
SHA256 abd09cefb72d406eab62ff0bc9ccd420c86e9258e56c90016dbd45ec8bb8b597
SHA512 bb7b597f5cb0d304ebf85fcaf3c5b166589a4d38f526cfb6e2df7d2e0e7bfdb42f9f6cad35da533392e5ee8a506aebaf10b1456bec090b8b101edc324247fcf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 467d28056db55a6b03f4bbfdc894752d
SHA1 dad61cf8cc2b25d72e73100bbaaee5363b33bbc4
SHA256 c2fc68030b23ba2416deff2e3681c9caee3e10e5d53c1195eb18ea0c85aa3af0
SHA512 01fdae669e12b1b36f17cba9aac8e75d369ff54eb55cf8ac769d763c8709ad4613f77f2d159dd18fe7d6487ac1aecc86fd1b905e9539dbc943bb0f4e388acc2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 457b8827daeef79c50b6b413007fb0f8
SHA1 fa5add9968113b919d703913f7c271459957a6bf
SHA256 99885dc1b6524442642ffba23655dfa57020550fa8a127d0d7f0ea3bddee8caf
SHA512 f3e6d45ea10f4fc5be7cc5ebc27ceccfcc37769b0ae52d6c8fdb04055f781d98b5190e00f31d052a574dd646a8f09cf13de885fe6aeb4ab61ba94fb3adaabced

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5c0ab3da-b0c9-4029-be35-d850769a2458.tmp

MD5 4717e5cf709040a7e4f3a3b016c167ad
SHA1 247c6fe3b7909c74a8b0c80df9b65ecc5e129354
SHA256 e32f58c13decfd8e0832e224e9df5b666cba32dd686aa702573be53d2a72a602
SHA512 24b88b1b6af366ca88be99e35256351d285e3e5d7559c0a0ac5f60e0d9015d59e5feb30980fd29ed4cdbeb967b7c530c08c2171a73b492d9f267b8f50fe8f7ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 918b7fad22670f0bc83efcade575ddba
SHA1 4190a3e916d7696f37bed185ddd2271246417a92
SHA256 db9a5fa870d49ccedfa5ce820f1471c5c9d6a0b83e7694f9738af936deab61af
SHA512 b6dd91ff9a0d4e9d841b399640a665b3ab21cfc5c3a9b30f8cb8584adc8f79f36383026690cc7c080f944a890849862715db70f1704c118aa772b3b2305ca6e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

MD5 dbe3566fa89cd71d669d131cea433779
SHA1 d74628b2dd5064f80eaba27192ea0d1b8d4ec260
SHA256 8acb6d031ae7c260d4af0f8eb81e4548dc18b61054785a3168b402f45dac6704
SHA512 863ca010f6da5cbf0ea50064502f2afa22324782589dee9e49c2d2c31fabf85b8a4c908d6efa259c9cb9920227b43af384c43caf33eabedf9a0b837dba6362fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 463e23133a1943373b70ea00579406ac
SHA1 7b53e0ccd2067222412ccaac320d3cfebe64bb3f
SHA256 d2d3057ab1c570cdfd03f69a563d49df21215537576b2c2fc1d619fd1087cf4b
SHA512 94f1c30af4a03a84d1db4d933ce0761a2190faf8f0a3e974f8333898eaef958f278bb939f8aa2cf178c1d9c79af885a18e0056b509e4c97d30d3f3fd891ca901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e5632ec8c3d87400e88ea40514bc6def
SHA1 c33dcc874ae068b11450163f8320d9c082a882c9
SHA256 41f0ffeddf288464c5173a9257fee0428ea09656bac93f5ed77b0c572b7ce3fa
SHA512 45dcb7abf403ad834ba7318051428545e16491a0df59c206fc9de4e1517a372e6bc56a3789eca1f403dd0c96b38ce2fb99564c53a9b5f4e74c6a0a8dafdc851e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be422c79aa8abd9c9f24f659547b3815
SHA1 66427d0fe602191c83abb0a87cbd3a37458933be
SHA256 9b06815e224f5463f2277ebcb820e344b321c6260f44e5f1189b04528c2fae8b
SHA512 5dff612f5ed37127163e701519d21b52d70549a2a033cfefef398c18c0badc51b92793bd1547b9a3dfc7cccf65055e7b8d3e1356f96133b41e7f286b27c271e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e11c50e52877b075787e50f57f826bee
SHA1 3107be98d3c1a83e1004a39c649ecb6043b1dee4
SHA256 cee0b2849b95f631e7c9d99867f8ad4326ebaeccfbd670f6527dbe8ed54fc410
SHA512 912b5031cc32629f09ffc4ba701639964d26c147344f6e52496ba48085184acec6d86d1765aa5e8cfc8e19312597a76f57aed613b0d933c327308aefe1f1571e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c737db4b7cd132bcd115be1c6ceda346
SHA1 89289a03015ab97ab545b0146ec26470240c310e
SHA256 0e7104ee4e8686c5ea10ff436943ad71a7244f037a93b40825255e53aa139874
SHA512 1e6e290cac853a62e07884cc28e8d31bb515fbcf0dd26e02a2f296bfd01a1a81c95ad1f00fa42a426d42a39da9db7eadb9d57d2ed5a2e0e330e5e0fe82176fd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8e2170763993ef545d628ece6c822fd
SHA1 8dd487ac6741f4a57bc30c0e668e6162df855491
SHA256 f36f585d78413682c10fde6149761f9907f043bcbe3ba61edc3fd4444646dc08
SHA512 3394736f7354b9da8b326fc69006ebb6f332d3567a9600260603dc0dc78fcae5193c0679c16932b3968e50e0ddca80c15f7ae69c8f22ad90bc11f284b38ae1a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c537e62db066113a337a09a28967558d
SHA1 2a333cb17a97c94ecf143ac911aa6696cf63bc68
SHA256 b499174981be2af9da87ac12afedf960c537567c710c03bd6b0a858ef691b252
SHA512 d0ae1520f3ecd494ebe25ba5e83a708216bb9f9ac3e05fa1b124abf3a36dc17832ef6f1c7869bb4d577cbf2d02adffddfb1a35947e9114acc00236aad2e5d3d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 59d8bc13d7f4ceb20f027dd9bdb0cd1e
SHA1 c61ec4122856f097dc397be47c2177e86668ecb6
SHA256 1148ad08b1817cb8a352488aa0d65d39bdb24172a2bd24bdc8813fe743a8bf9d
SHA512 4402dc5936f1498c03bb999b4b5e396b5a50f0a6340909dfe7768290c539273601c1f15306bf925d0cc77f1685d1a1b02f74c54bc5581c1537faf7b32523da12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2132692c254e994b9a6140237962fc50
SHA1 00c3db212e9e4a59991b1d8c7a3451afeafeb08b
SHA256 a21caeb2dbc04afed564ba7a8e99894378576acd89a6b9f905a5f129a2101f73
SHA512 bf5d8214b05d489063b329a250f1d400a95d031d8f717b38ea45a585c3d09cafd361fd977401e9967adaa396896ef4df37140315594ff2a94cb972b4b627880e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 b64f8940641276bae23393af5b93022e
SHA1 28006542af6ad8d46dfa7055851b1bc34d173f0c
SHA256 809e54a4e289e33ee1dbb8528bc95effd17f586fbdde3ce470772917dae1d5f4
SHA512 b06c1cb7b6a5f17f625c326de05d859bbed3e4b2af8e30004cad5596e448e9daccd9f7cf853512cfaf103671a7a481cfbc2f40ea8ab97b396ff98a57569ebb38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b666b68381470f80da79bd9703de278
SHA1 3214a7567a08253af163153b19fb57d625d8cd5d
SHA256 d11fd43351d8fb10eec0a51bb363899e9c4055b16f0d529c8c1c9d4bab625e66
SHA512 1972f2826f5c0cb9f5f333d7d347e98d70c8f1fbc0b8240175b9f9c6af2cdebb8ef46e4e0692c056b9c212d43d1c042309220a12f280b3df07f56a6b7997ffd9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 475eed44dbe4f58615b5399d5d2d932c
SHA1 25b8f6292b9243925dc422441be2a7c9073fc71f
SHA256 9a692fa3728e18992aff7a6e65cc8f517c9869109965a0fce85c0b82d2cf5212
SHA512 1386b506320ea6dcc406e906e9865c995fb3a5714d267bf2f01d5e65ba2a4c9fc7ec77f827ddf8d32bec0284775e1ac239958189d0168950b9154f20f683e06c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66887b5e3f3afa7c42164be70163ee93
SHA1 284e0eeabd557986b49c1c385a2a507cbcfcd439
SHA256 f480111eb672deabde651e0bb52276dacd26c132255d9d5efd288b39a34ea4f6
SHA512 ea00b45d93c94be5a7f81ebb8f6bf82b813d270e17c1d9394b1f8ac3b04c3d2cd84d141504525883ee45f081856405f9aa73fe3f30ade40f26755fbf55107b54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da603588c30bceca4e74c221af50f233
SHA1 09b8029a06033e8ddf4da902761e29e2fb909705
SHA256 df376fb241c1d6c0660797279a2efff330ab91f078a3d01f28cb10b79c0d20bf
SHA512 c87200b8a75574f50a8dd29fae2b8ce51c399100e023a9cafab8f7c553396c657ae422f3f0b30d112110aeac496d7dd1d1bdefdcc7abd442663846f8a1020f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2573bfb9155e50a00483322761cc7a9a
SHA1 159772d2d4695c5cf3e5e375175f22a51a6d4618
SHA256 6ad6dec7c12decea055640bd2a8cbfb24cdf29f8d3833a920caeb4f7350e41f6
SHA512 7fc7dcf9983c85cd740cd127f2f8295e2b98c39e564eff39d8372797d076bedf62eb103592dafd364149895caf98514814e3a3cd374b4f0de1e64ab25d4fbbea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f4bc08c15faf089139c8417cc2909c1c
SHA1 b2c78939ae53b448da7cda2bb05c225c14b0f428
SHA256 b3a381ca54b1fcfb58813743614231e76deecd659b806d785f0c11827018cfc7
SHA512 0c8f1294ade2d3746fb1602056b65ca670d8783196ab0288ead78f033b975478f03c248640142f48d0461f6cb9fa6d262c48fc9639ed3e932bce5ea1f8f06bf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34b0b09dc86ce41bec1ee452882a156f
SHA1 656e6b29f5a79bec4261c43e087e94c27bebe729
SHA256 ba126dff1389948d7ffd7fd77752212debd6fd3f6465cb385c484165ebb8d51c
SHA512 bf973a3f50d329590ec09a095e848159857a7e074aa1a59d3581b0d18828a4e0fe9e02e249766514fa02c492db1f9d90d6c94402b66c7d46ec3add7d79db5797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0b2a6959c86b8ecef7f7d44bd36f199e
SHA1 123089f67902d225436b6497ecf654924978ec80
SHA256 45223ba9bd63ae5f93c0466f35e1b8cb235d8b06da52ab74496cf91979723b2d
SHA512 cb9545451e4967fe48b0b2360bb02f047ea52fd76b16747ccc5c15105ddb14b0574b566eb2e20f424ca80ddcd0d4d8f6c83cd1994ef3579ed1e2451cf9f75013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f943d9dfaa959829a4deeaabba80cd8c
SHA1 567e22740bb84dd6a2996c47272a27ac6c48ac8e
SHA256 b8c54b62a9fc6821a35408adb7f45288c6556c346f3cd139329efafa4d3e82b0
SHA512 c5c6d28704ff2c7bb69cb2dbe7279c3bf9ba5885fa526ab2b1a8efce9a1c22e49214e8814cce35fb3e733aac3748885edda159e015d46e7d4924b733c0356a0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2629a0e4bc2443813771c62f075e7484
SHA1 98a62d64524a725fbb451ff2aa7cdfcb27005b33
SHA256 074e4e1dbc5fa5b5414d9f44ea8c86dd939e2e72015dbb74dc603c01234914e3
SHA512 1833292c74203857ee063c05b030a017dfa9f095925acbec1a11453172e8c22008c78bd6f1ef903aecd664cb41904a975178b9cb57565c226108136f92162256

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 90e9b558ecc048ccd156cacad2c49548
SHA1 b3136deb9c2cebe1760d0ffe96e370adf81e964f
SHA256 ac84fa7acf6265dfc4e6c20e511ec9a970ca5bf73c882dd048d9ddffcb4cd2b3
SHA512 ed38415d404622f711e69dd7b53705664f2cc27b0ee4d4fa0648b111e9357ebec4b3f1e05d53aa54f3cac22a2b2d6ae3390f3c6589ad5dce78c8d9a58ad822ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c17479c7439e9d4be683ceec953c6c55
SHA1 953885c38dd95a6c1f1dd74fefc50a102d47077c
SHA256 825cc6c0c556120d908864d61d04794b5be7270cd58645b55e0b09e294bfe1c4
SHA512 ff5c6a9ed404a3042ce3b58b05d3350c0f4eacca76c08e597bc9fbd6cb1e3f4bc883d38d4f1b0247853b3404aace69270d25f2104687f5c759ba30e468925f62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bd4ff72f3ee55aa776fd6de9639c07de
SHA1 0fa815b740bad617392e472b16578c7fb12d1240
SHA256 620cf16f3b1d32ddf55c0a93c21b62434379853e761560ff4e59592e64156f84
SHA512 b7669ecc20ecf64b903a01e748bf5da0b397645024b2de8a804390b16d1b1909beb0a2f3932e6109765b17f89305717414c07cef46ae27176ea473eef176b35e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 1d7538f095296aef0b6912601e688b70
SHA1 e2517ec4cc44d388378776eb0329af5f1fa9446a
SHA256 5aed9983571e1070a9f81938ef80263cc467d964b63dbd430ec97ab74cfcf52f
SHA512 c25937f8162b846a020d279d5520e5747dba7582304a747b4b462a204140080f96bc39ca00504daa4cc5bf0d03db59041ac87c1a4caa58985ef9e70c9dcd4665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd9577c0d4cda0897d457232b08e5e8d
SHA1 f661e3b805da745420b7027000cb5ece9011df8f
SHA256 91f682bb73bfee13d777a91df267ae68efc99f08531fd4e1a8771445ae05ea62
SHA512 ed7c035407be528fa64f3cd1597d9859baa8bf38785633ac0326d33fa1756fad3be25856b9a656497505c68d0d2e2a8dfe32a130bd3bf929d7c3a175f1dff266

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ef48a82f142dd5f26f89474b7ad22478
SHA1 62d957c501912f809cf39442d5b04b7c713fd463
SHA256 aaab10156edb1a1d222def4d301ceae5690ce29d60d6a88f46b1ec5027a04592
SHA512 480dd57d0a856532f3114888dce1379cbbf00b949c89ea5172c0a889cc0a040e3934997919730cc83ed843027708b702f53c8b3087097762a0aec0634234ad1d

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 00:02

Reported

2024-02-19 00:07

Platform

win10-20240214-en

Max time kernel

300s

Max time network

312s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527747825021494" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 59f72213c762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ae5a9709c762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 360cdd15c762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5d2289fec662da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2299748260-2738869828-1388081988-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 5060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5068 wrote to memory of 1724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 224 wrote to memory of 5264 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 5264 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 5348 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 5348 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5264 wrote to memory of 5388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5264 wrote to memory of 5388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5348 wrote to memory of 5416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5348 wrote to memory of 5416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 5380 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 224 wrote to memory of 5380 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6104 wrote to memory of 5436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6104 wrote to memory of 5436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 224 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5380 wrote to memory of 5528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 224 wrote to memory of 5544 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 224 wrote to memory of 5544 N/A C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5544 wrote to memory of 5580 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe

"C:\Users\Admin\AppData\Local\Temp\9b05d3d31650e23cef9c9132617cc401b23f8c3a0b14b415cd514161e26d6d22.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffec1859758,0x7ffec1859768,0x7ffec1859778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x84,0xac,0xd0,0x44,0xd4,0x7ffec1859758,0x7ffec1859768,0x7ffec1859778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffec1859758,0x7ffec1859768,0x7ffec1859778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.0.1855172272\1474847567" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd425925-f593-4eb5-a087-63d3820c959b} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 1796 1c01b0d6758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.1.993588174\551353144" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dacf870-2e8c-4004-b6f9-b51ffd12abac} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 2184 1c01ac49058 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.2.1212280197\545648212" -childID 1 -isForBrowser -prefsHandle 2696 -prefMapHandle 2660 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {473c5781-6228-401e-a6b7-ffed6d42e225} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 2940 1c01b061b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.3.1717145392\1435500507" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79e023e-81fd-4e8d-ab2a-b9812ba0d4eb} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 3536 1c008c69358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1692,i,15942440242896224744,11142813237443521868,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3872 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3684 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1692,i,15942440242896224744,11142813237443521868,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1824,i,14459168003868670952,1841136848042314708,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1824,i,14459168003868670952,1841136848042314708,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.4.122464521\483764177" -childID 3 -isForBrowser -prefsHandle 4640 -prefMapHandle 4612 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e27a46f7-ebca-49c8-94ce-5ecd53fa71f4} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 4656 1c01c739658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4768 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4216 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.6.1379272301\1275782999" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {230330d1-efca-43eb-8a97-6360937ff419} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 4936 1c01c739058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.5.649289935\381862222" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4844 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d7ba956-f698-474f-a6d3-b5507086b459} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 4824 1c008c6d658 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.7.1111706602\1603429714" -parentBuildID 20221007134813 -prefsHandle 5496 -prefMapHandle 5492 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9797aa97-c67b-4471-a248-f743677fe068} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 5504 1c01d51eb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.8.1660339894\1908673846" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5524 -prefMapHandle 4264 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f613be5c-e741-44ce-9781-eaf2530285d0} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 5504 1c020f23b58 utility

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.9.503432986\1516336365" -childID 6 -isForBrowser -prefsHandle 2844 -prefMapHandle 3496 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ae70ba-9d5c-4ffe-a596-c955154d5557} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 3128 1c01f003e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.11.1975908071\979979868" -childID 8 -isForBrowser -prefsHandle 6060 -prefMapHandle 5824 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0579eba-4b91-4792-98cd-dc87452ca933} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 6048 1c0200ae258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.10.376194271\109861315" -childID 7 -isForBrowser -prefsHandle 5868 -prefMapHandle 5872 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d45bc8b-d326-4d12-9c96-ee78cea2a312} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 5860 1c01f05f358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5528.12.307713779\784432725" -childID 9 -isForBrowser -prefsHandle 6076 -prefMapHandle 6080 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53192ec-20e9-4ead-a820-8f42b807a437} 5528 "\\.\pipe\gecko-crash-server-pipe.5528" 5872 1c0216dbb58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=160 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1836,i,3777810553650518048,15442430230136251750,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 201.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.239.198.133:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 20.189.173.21:443 watson.telemetry.microsoft.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 133.198.239.44.in-addr.arpa udp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 8.8.8.8:53 play.google.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 134.162.125.74.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.181:443 www.bing.com tcp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
N/A 127.0.0.1:51068 tcp
N/A 127.0.0.1:51078 tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
PL 172.217.16.3:443 beacons2.gvt2.com tcp
PL 172.217.16.3:443 beacons2.gvt2.com udp
US 8.8.8.8:53 3.16.217.172.in-addr.arpa udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 216.58.206.35:443 beacons.gvt2.com tcp
DE 216.58.206.35:443 beacons.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 35.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 216.58.206.35:443 beacons.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp

Files

memory/1524-0-0x00000206AB420000-0x00000206AB430000-memory.dmp

memory/1524-16-0x00000206ABD00000-0x00000206ABD10000-memory.dmp

memory/1524-35-0x00000206AA640000-0x00000206AA642000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 364c735a551536e9d1e98a6a142eed30
SHA1 93fbe4f693dc3f7472942fed3ac07612fc223ea4
SHA256 6c67d3996015f6a9e4840adf1ee2ca270298aeaa522e10253f50060ec90ebe79
SHA512 b5bb1d530050076d43eef4296d80ce535b864be6e6fba88e66bfa7eeda95043491a76c09ae1e2b158008f781264b17be142ffec4ad4e7d9bfacc778d5f2388b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45189f65fcc2a46df6644d3a9ac408e2
SHA1 e80c1ee20328866ceba17f51da5e70983bb5b1de
SHA256 f0384ab9ea9e6461661fbbad1222ccbd5c4556acee88a2202d5648889bbb8607
SHA512 42210cce4dbe2a342c172a47212f66fb7363f1716e7d6beef56166f3a9cb6dd08747dd8646ca399957ddefef95e27ea0ceff2295dbafd19e4e5eba6844655edf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 062d7ed2549ff25d99a83a00c5117a9c
SHA1 d0d075211e5ea12873795413df7ed649b970b6d9
SHA256 93469cc00fcb3daedc25f58d1796c8a4d013b14f0c9613d47e01b27caaa9cda0
SHA512 c1aa71f07a5bb2cb65d6c0a4f6d2b2514c0671a21c80b73510e72daf58dfa10cd999e77e5320cb6a2fbc2623ef5f4702a80144bf063a13fb3182d06ffa1a8330

memory/2992-128-0x000001351DE40000-0x000001351DE60000-memory.dmp

memory/5060-162-0x00000212097C0000-0x00000212097C2000-memory.dmp

memory/2992-163-0x000001351D8B0000-0x000001351D8D0000-memory.dmp

memory/5060-170-0x00000212097E0000-0x00000212097E2000-memory.dmp

memory/5060-174-0x0000021219E00000-0x0000021219E02000-memory.dmp

memory/1628-196-0x000001D81F5B0000-0x000001D81F5D0000-memory.dmp

memory/1628-197-0x000001D81FC00000-0x000001D81FD00000-memory.dmp

memory/5060-220-0x000002121A0E0000-0x000002121A100000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 2bb226f42755f51fe374ff3044780336
SHA1 887ed48b3bc72b36d3002b9519eb2c98ad99e543
SHA256 27c3524c7f57a33ca462282521945ac35cb2e5c12bd17fd2f51abc1bfcb7c6c0
SHA512 5e4b1b4f6ba368bb137c54948044ad9b74e320d9b097e895f3c2135f345cf6d4db774049e81743217099159f41522c9b4b211fdfaadb067dd922fd72efae6a31

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

memory/5060-246-0x000002121C1A0000-0x000002121C2A0000-memory.dmp

memory/5060-242-0x000002121A0C0000-0x000002121A0C2000-memory.dmp

memory/5060-256-0x000002121AAD0000-0x000002121AAD2000-memory.dmp

memory/5060-259-0x000002121B1C0000-0x000002121B2C0000-memory.dmp

memory/5060-269-0x000002121AAF0000-0x000002121AAF2000-memory.dmp

memory/5060-274-0x000002121B2D0000-0x000002121B2D2000-memory.dmp

memory/5060-281-0x000002121B330000-0x000002121B332000-memory.dmp

memory/5060-284-0x000002121B350000-0x000002121B352000-memory.dmp

memory/1724-330-0x000001D7574C0000-0x000001D7575C0000-memory.dmp

memory/1524-376-0x00000206B1DE0000-0x00000206B1DE1000-memory.dmp

memory/1524-379-0x00000206B1DF0000-0x00000206B1DF1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I74SUB2D\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/5060-425-0x000002121F5E0000-0x000002121F600000-memory.dmp

memory/5060-423-0x000002121ED80000-0x000002121EDA0000-memory.dmp

memory/5060-427-0x000002121F600000-0x000002121F620000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 1675d1ade6fd6c2604e73b8d88fc4ad6
SHA1 fc38b52667dd2758e91b4ce5c98f154eb6589840
SHA256 e12b06eba7c00e3d9c15f8a1ce0277bc8af01da4a11ec704239da5d337e925a0
SHA512 cf0191f98c0f2ec87bc6f7bd4c4a7528f11e58779325d019a32f121645a73c32edf198f544bfffbe37852e7712ab0a20dcb505d13906fb204c13ba5d38adab97

memory/1628-492-0x000001D81F500000-0x000001D81F502000-memory.dmp

memory/1628-501-0x000001D920820000-0x000001D920822000-memory.dmp

memory/1628-505-0x000001D920830000-0x000001D920832000-memory.dmp

memory/1724-536-0x000001D7575C0000-0x000001D7576C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ENXXKBB5\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/1724-558-0x000001D7575C0000-0x000001D7576C0000-memory.dmp

memory/5060-597-0x00000212091F0000-0x0000021209200000-memory.dmp

memory/5060-600-0x00000212091F0000-0x0000021209200000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 b08ff00a95e4859e4205e74cdacf7e58
SHA1 28c6d48831b26c04ea99cb653cc5695edb41b616
SHA256 b91fedcc95f01a2f037ec9bd3adc0cf79aadfb5ad7e7e09c7c64b4ee4c697650
SHA512 a1c0b21db6937230dcb55304353c1f97bf23683bdab8164b8321c1e3b4e5ff0e34c04dec8d3be19b223535354ee6ba734d35710abd416167c89dce7133e7f004

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X7YK8I80\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\vbjo7k7\imagestore.dat

MD5 51fdfd2c4cc8cddef4e15ec6153ab3c2
SHA1 264c7021db783051821d0f084028f2eaf9c55054
SHA256 35c165cedf1c329f7b8b7d25069cf1cc8c459b728ee9ecde7ef26502e1bedbb8
SHA512 4e50881c67dc66b5a2fd7f3746c683332e839aabcb161f6f41de7f02281a513fd32e319a644d571fd40fa8a5f9efd8a08d873877a9c396570d884337df362142

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H11E1F44\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZHIADWT\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZON7JK6D\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HKSXMJ6N\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZON7JK6D\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZON7JK6D\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HKSXMJ6N\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

MD5 27de37132b983b7fac907fa7efaf7c82
SHA1 4125ee5d6d304c4e691e11f18a95f30f299321cb
SHA256 ad234deaf3f600a53da0725a32f21b3a1b79fc2113c48c7a8f1361ddde3aa7c8
SHA512 bc246cca304011ac72ae73ac1ada881673c7929ecefcfbc5ed38d1b244bfeb3167a58d5a3520734adf4fb19e72edc1137c818c7a305a916f2797433cd0637497

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HKSXMJ6N\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZHIADWT\desktop_polymer[1].js

MD5 69998e173b8c146479488bd8d7fbfab3
SHA1 d343051522769f5c16586f6a67e045d830433597
SHA256 cc3eeb6e34a2db5a5b28937da61f6eb2bb56b0dd2eb1e26d0edf2f97450c41f2
SHA512 9c37ef552bec6e3d0133ad1a38ca422f2bc35aa0361215ad73d6244b8087761859f7f02202f2e119aa260dff60941caa48a3a818693952e2290408b1342cd979

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 4b11f7dc446e3661eb9b58bba44ca5e6
SHA1 3d53554a3ca71b98e24591094c22bd85535d13a3
SHA256 5d0115a1d1b3f14794d198b2c6c4934c90720f98f8d73ac304aeffc347738441
SHA512 003ed225f6bc32859fa8babbdef39a8903b8e0692ebaf4db40cf60001d7ad4975cc07c90662a8923750d16ab5dc004a97d42f58982f9728dd46cc24e04e3e3a5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 924786de67d3004602fff91fc96c9707
SHA1 9d45c852ed53567d57a7132022b8894dd3344861
SHA256 6c5a112a57e6d3c3ba9a86e801fd53a17d8416de907db8246a1147df8c387849
SHA512 9153499879956bdd6bb8a542ce5ae67bf7540415c4a511d04ba84948e17b4ea138c144c6527ca2d7d86e4d22d486ca63d3e008adef8adda4e59e684cf9f9e755

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZHIADWT\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZON7JK6D\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZHIADWT\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HKSXMJ6N\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZON7JK6D\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZHIADWT\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 043cbbd757874b0471005b6156e94516
SHA1 6e13cff99f121589b5436ff84f1b74aee24298ea
SHA256 6c33bd4fb37582b042d4fed7eb45ef168b2ba964c2c9f76bd2d9aa36c2d20296
SHA512 c41d0d1ed8c4f070d30c92015ebefcc525adc3581d929de99265a49f39bda6fd1b811940db1b1de87c95192567901d7ef563c4fa05e1860bf15ce975d234f4c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\datareporting\glean\pending_pings\34f901e7-9722-4d65-ae11-7213ca0157db

MD5 579882b986c0ce57cea1c5e6a06bca74
SHA1 d6b3483092ae5c619a9228226fbbe7a60ce04012
SHA256 e108f18ace2165ab8074a020e66adfd83646a1bcaf38e29c0636aff1e896caa4
SHA512 8b7b8ae727e697c380b755345cde3f38f1e86c6f2028b286fd3a60b3e0240e95cc04d4a344c52fffb0b0fea8ba54ded5550da5bc026a8c9d6c0cd141187764d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\datareporting\glean\db\data.safe.bin

MD5 1a3a14c2a4aa8dad23f98d71ff1c7fc1
SHA1 a70681d4987e2c7a999585c5797471761033ffb1
SHA256 66ded38a241b82067123a7c9246e69247f2c008a988dd4edd44e9d61315f3e1f
SHA512 a6283b3388d03f7a25ae3fdd2e248dc94306d9e472131976fac9d6e7ead81faf3fb92a0c8a30569ad4d86205a18c494b6b4d0edd2b18727b40021035df88afce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs.js

MD5 fec76c0977d88a4d2f7fd6e434c2fbcc
SHA1 254e9d9ede551ad2221f4a22af432b756aeb167a
SHA256 6fdad73ea75fef69451896e9168e16f5cf8c043eb77396383f0d5d764c8e1efd
SHA512 aad762f7cc1f787fb96f41eb7f5ecd0c1d303376e8c9bdf3e45f3b045894e66150913d6387b19c53b17e2d617c2f72395dbfdfcd8d0da29c49a8aaf253afc2de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6fe1dc55556967d1b4c2818de1e8eefc
SHA1 8a066778454f82b44309c758961dfa15277b43a4
SHA256 7ec1c3d895165f52a87d6b4e3593e43899c1523b77a058bc6f8061fc5b39f09c
SHA512 d75fed03eef801c79f3db8f0d7d0d8bbb13a3efdffebb2503099eda82accd8d94b4147e3aeba7b27364b710df00cc817e55c11caad2f9ba7981d951ac057b630

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 254a8189649ee60f16f61fb14f5c1357
SHA1 da9ca9063e28e4b7ee44b70f876af14c6039aefc
SHA256 7d806f188fd636d75d2d3f421bcb4bd9260854c6a4682587b4018408b5195334
SHA512 90025dc7c794a27e05653b579b5995b91dc4bf9d8e1695ec16f0e87581d19e387327c312f29fd88902ad9e7525b950ba7dd82284304b97a0947cea17dd72ab93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c657bd040aadce1b8992891b669ea98b
SHA1 9418c2eaf0f9e5e2fcb1178197b4922a5f61c79c
SHA256 0f13fa0d3f79121e24bfc0cf0c9be1b178bab47522ee319426c96f69cf155d11
SHA512 4209bd8564612edd44ff63f3034b094782da0e393ed51eebe34ae3a16d97acbb8942b2e7f4b062c8457b0f33ec0283314140de40060ba3bad81c1d82cb4c3ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e38b2879eec5d1d4367c39d46523f25
SHA1 604ccd6c22f5c80d92fcea52ab148113446f2679
SHA256 f9b5a9c46cf367496cda75aec84b3a693aefd06bc6b8e393f7353f1dfd681478
SHA512 9b45e75619aec3a50000aac30e8deb5a816646c167d1abd5dd4d3c3abb2872d7cb6d1887b4dd867c324cff0ec911f8a369b275e6a5157d08d59c388dc15b675d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs.js

MD5 559733c31403c91f0d406de9364b8382
SHA1 5f9c01d7cc92f30bf5ccc5e95f4bd9f51426d38b
SHA256 b6baee361891323f442d5316252558c775d0b064e56de074e2f63aeb19b00fd5
SHA512 fea4b23a69a8d0dc583210cafd68e27f5b577a34a6408fe18ed15eb7142fdb96d245b963909a81d41e59b42ac44766915bdfa591efc4cb3695ff0dade40beebc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 941fc402e981a245032ec6dd713600da
SHA1 f041e1919495c787790ec1d74c841c01ecde4e8e
SHA256 29f13d972b5740de4014d7ae033c2cc6720970f70eb33e603f639b9bcbb80ad7
SHA512 93a3596ff6cdda65a5e5559985e757c516b91cecc1cbd72e75aab8ee66737023da8a391ebc5f97d9129f2c036956295a3509f5970aa569b0d8108c6075e41f5c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T91158BQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4667331e632399c2f5be2d03604016be
SHA1 5216f80f6210c815239c1f3c69bf8304b0e62692
SHA256 6f9fba3d92b444d0d077ad34c1a4e72fa8890cc6d7281e943819cdcfb8977485
SHA512 b26c6ab45ab17af19bdf8007178a2603b9ae0e9ca820e993132e7552fd8da6434510c20ec4d2cde89d4f1ec3049af19fa79228db9b99dcfc76bacc2437b77763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\storage\default\https+++www.youtube.com\cache\morgue\158\{486cb67b-2c8f-4174-8e90-6d7f51ec6c9e}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\storage\default\https+++www.youtube.com\idb\2228081442yCt7-%iCt7-%rfe0s2p1o.sqlite

MD5 0b3f5e113d45581f4e0f96117014af83
SHA1 a865271a45da3c809c50c5eef2d4fa17fee727d2
SHA256 2f420c3414d737cb8ad07549fdac6bf9ba0187db27d84f059fc3cc4fa47f317a
SHA512 c5d7733e22da73fa4361f9dcb902de9f71b75330d972a43eecff27e22f6ff8d9dd91ef39bc7b415634c102df56e8a84b558dc0bfe05306c357f7496fa338b3d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 afc0853460a3d66d967b941d7cc7578e
SHA1 88f261a504d317372a1974cd4e220da58b729d1e
SHA256 2ed75b5b79e9364d7387d0197c9bc7affc38b37636377b13cb584c5b207501bd
SHA512 d07dffe77eef7d4357548ab09dd03eb5c9430621b11e4c4456640f1e773810874c762d4461498df5a74afb16ab93b5c35a749a1bc68b0768318c4cb2710439aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35784b0110d664664de072f8b43f19b6
SHA1 2d92f322b37ef2f216f3b4fe3480a1541baaf673
SHA256 fe2da552cfa74a79c2294e5446a50926da7bfd010d28f0c4a48aef06911522f5
SHA512 4c26437c2e1e72336176816f0f3e99ed6cf7f7ee0fc4e5cdfb6dfe72c4da380402df8d406d21b1b3eea42c21eca567d1ff0d063a88fdacd92900abaf052e5134

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs-1.js

MD5 d412dbd40d2b1c18e28f6bb4d7c2267c
SHA1 892d81aa9a422d87387ad92427756d776280e68d
SHA256 f9c93c8f004cb3e66c2219e165aab29792d729b896122f5bc64c871f55807105
SHA512 f562a2f1fecf6915f0b630b8f3dfd1cc7492f30249737f3c45ac11277a6064be68b7bc2209b99c57f006837dd56946fab962930d7089fa54e00ed297946ebe35

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 b1192b996a0218325d4a274643a11e0a
SHA1 6cfc05361f745ceb64cd6233376b4ff6f903051e
SHA256 071d8bceb3dc1c599a84af6872ad9fe4a9d5ed4cd70bdc986151fd73c2f0729c
SHA512 122021f3054ef73171d85353532e4784ec328a9424c974c36e3a515745208c63be3dcc330a043e02a4b580ede2db0ef37e4980dcf3af033006c72153abb795c8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 f492ee064aa4b5eaa5326d6e65adf15a
SHA1 e7e9dc410edb786ac52e1561539034ef99b48089
SHA256 b43d199580d4d709ea5390e667b875153c57d92324d57039866d4d81b6b63c04
SHA512 7b540cb8c61989e092836a2464e6f232ecd16b30e419c6707477d681411906e1ed42a3d902f608be3b86ac9559dbdaa646c097dfdf611667ae825dac09a5db6d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 51e3fc73939e215cc37157b77f58808d
SHA1 5638a5f573e00fab30bb2505264e58c73091d40b
SHA256 f4a92ef84bf6b35bf83ddaeb975a70e345d2aa7d407bf767a9bdc49fc783bd91
SHA512 f3b4acf7218a5b9cbb1ef9b1bd9e3d0597ef2ac5139f553156da4582d5f3c1dd77c7530d1938c1b7801003df97cbd156a3c32891b3c47838abea5796c30ef418

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yecwvaj4.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 b817ebd143384a7d3e6a5d3e34b96b64
SHA1 cc4a1587956e45e34dd112decb093f0b3dbc16b6
SHA256 c0794e861de61f777d7f0977b3955e8d6f63fee34170958749f4ab5e1841b3d4
SHA512 4272e72c6e901ad9c1ffb09ad7ddb54fb06938dc21e94307cd7747a23de53ee3d1e807dce2bcf3f795e6034dc1959d081fa50e889f97b5e57fbc28bc68010938

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7617d81285e7abb22d1e099c4c7df31d
SHA1 8ea54a4c3d8925bd98ab25a196be527884cb6126
SHA256 8f139f2e3b0c5b289e3f0f2a8b4385ddc45b4a997ffa869afbc32d8889890513
SHA512 f6bef2920535c6e8173400f5745670ce789b0261dcfc064a2d28402c51ef55042640737227eceadc25311e07570d91bdccb6f71252963b30c65775fc9614d04a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b6e7.TMP

MD5 27415a1939dc2bda6d54415a2ca22e4a
SHA1 1cc60b0e703de8eb9934a7bebce667ffd03dba4f
SHA256 80c02bc484e53738a0d877895afee9765fa29e758db616b2eeb7eb661c41f981
SHA512 84702927e52fde98d0f112af216dd54d07e625498a39ac6faf2e07e42fd1863838a4e2b54bee5a8af3ef5dacb36fb6958d89bb534cb7ae5b179a0936b4a4b8e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2e0514ea1ba2d01ffccccb6ad02d05ea
SHA1 9260060d5e319b9614de9ef9bddde093ede2f3c6
SHA256 da316fbb1b3a9418e9554a75d6976bc83891e9cef0eb172399ec22551345df4b
SHA512 04a4adc49d4303d21946c4ab5f08ef2a7aec1816a6582d68c17f8e5def3fc7dfdecffa406c7e284c628f90cc38c4d866f59c9969b791d2d603ed87a6b716348e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 58883aa30626acc6ae7dc688cbf548c2
SHA1 057d4df66c4bdc9f4e67a66d63f35922ef66c81a
SHA256 6110c439319dfae644270ee0dd140132ea6dc32dcfaa765b38973a14b72f0fe7
SHA512 0e0ae00a2fa78942150e000cf3164d99010c5f5348740bedc6c4ce0c90186135e209f35b1051bd621a95c9d067fd7d9a5281654055394aa44a1b5d12f9da1e57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d9f532f64c670be9216ef03e3a7849b
SHA1 ae165c032d49fa5e005bb4c5578341c18e3769a3
SHA256 c0284b352ee8d7ccd7a3e16c7b32bc25b18cb9c8b7073ffca58988435ff43ee6
SHA512 92aed76eca593849ac3e93333a548bcfbf1037c332ccf98dd0ab281f7fd7edfdefa55c863f2e5cd0ccb2f787116436d01566cfdbf0c9011ec6c412daa90c03b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\prefs-1.js

MD5 f8c1b5c454dedc82ece58498ae996978
SHA1 b09f9fa32fd2daabbe64d97a6c40bc7290f7611f
SHA256 6f49b9eabb014435566da012523b5758270a02ad11e631dcd90a3b9773a7cc1c
SHA512 4fe851578ab13710ea986c5c5c22e4b617e3fc112427623d6f0d1ee44e8d6665c789ab3e30bb5527e9204218d17beb38426fa2fa0b4a8212ce315fd9a99a0279

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K7W1RSMO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b9a6d4a027f2916f55631bb7e542c90
SHA1 6d9e97f98764c4ed4d9edcbc6061e5954357522d
SHA256 2b44be3c0d066ece642a32fc6df5797f591df9a53b24f56568700c62d39d165e
SHA512 eab7f90d86706e6946ead2dbe1e95e3186282a78b503f4bfea878765c4a3253cb442cbedeee59673822d2afd97e3d65c0a72e28f6a42d7cb03fa4a2d4991de9f

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d37d56aaaf7e92d56941aeb4bbb77e2
SHA1 670a31b53b67038ba040cd88ad19307fc915d81a
SHA256 e3d6ad0e037cf5972847d44cdec7e73e8d594c4c4fd18e5626d01c71878a7cdc
SHA512 b26d6e54ef4e5182e1b16b09de19bd525b4fd770a83f479a51d93d5fcca62d2f657e69c72afa027ede369e8fa7344030a29c998fb4798c0254d755d826672971

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yecwvaj4.default-release\sessionstore-backups\recovery.jsonlz4

MD5 093d4f4dc7bc20c2470da1a276524269
SHA1 2e6ada2d0c562b1ff7fbdccd43561063ca4c5918
SHA256 275d031b38b445567b4662e4dd291904974ecdbec6f7c60a749bfcbdabb2720e
SHA512 f9afe10e58af1e70e057e30074a1a8730e404f11c0ea5ddb257342ee750bbadecd1b4c7ea7efe7f57c481d06f6001a2bab648ad278f0adb740575aa86760089f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b5eabfd228053eaee27f52371bf11eec
SHA1 f1c923fda9de316cb6d69fd71015f465f7c80542
SHA256 29d35c4a045cb5d508d6299dd03bb67bc9ca55ab29b5f40f0f7f18480092fbd9
SHA512 867aebca96283bb90173d0c17710587917f31e2a8d19b0b56a0eaf557b23c72522c2e389b67dc24e9c2c252764d433e60ae1cd942cae34016b35d2e489ae4bb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9bf16de6f4cb2db4ed17edc7050ac6a3
SHA1 6d5b87926517beab142affb234ba44fb6e2f07fc
SHA256 17126742fa3febc848d8f2c01fffb0e50f5e887ac2cf6e1f6908bbb2d932dcad
SHA512 1e59e6646e42f804ec8bbcd7d70044dfd793b3987afaa50768afa761fd468d4bd60be1aaffbe707a88c9c633ca187e48f81d7cc307696845b69751e127c79391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59111d.TMP

MD5 70d62e57b69d75d416106ceda3be5bd9
SHA1 41de3916afc086b09ecdcafbdd8ede92f6acbd75
SHA256 002563540e04907cdac14af0c0a55ab6e5f31f3d978a6e6e6e28b01f9cc25046
SHA512 22659bec9cad6ac2c357bd68685fb14d3f94d585c039d690a8d327ff20ec86088ed0b2dc75faf1bc4371fc97c3012ae2c9e5beacc0e9a1aeca51f16ffebd95cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 812e105357e683d07221de70f4d0da79
SHA1 284d741843124f949d15286b61ec2c77aeea54cf
SHA256 d82b26599545869a5aed3d00cb733d9621fb3fa83b371195b530c0e4266f611c
SHA512 4e122bfa68cb22fcf1fd53972a321e1d55f37387444b3a853b5403b4dc326c70da8130210c65c9cd1fb91c8a63b66e36737dd11e72c766109eb274f1263695f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 abf8b7d2544d8e1b18dd41c246c4f5df
SHA1 a357939975f2df8cca1a0b9c2a9fef63da5fdf6d
SHA256 d08b4f69de01a802fe9771c981f4c673a5aa6d34949f49433ecf81d12739530a
SHA512 b8bd8735ea34fc1ee827dd75c55ca0cdbf10c73ea953a71b42c41ee543365a13137b93c492fb4cb84748590e5589108001d425c73fe74a277956737aeeeb5d64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 58cbcb1653afd460d7ef2fd7addff6ba
SHA1 aeb36992bd788e69ec33c84e45e46cc5653d8702
SHA256 e9b69f6b87ffd42a05f778d371dcd9a5f99762388a44534174b964c86267ddea
SHA512 a5dbe834dda0dabb012ab4b937bdb5a55fabea47162ba71d09f51a7ec0a8e7aba93c52d032f466db59fd95508409b01682502a34d1e085ef1ec6640d2cb1ada9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 934465696c12eb00415bf7c907e64a97
SHA1 dbeedc67e0c9f5fe23d49737e6576dbb0878cff6
SHA256 42cbf8602f8750bccc7a530f35840660f882b37c8e1e8a4e7461843a04245bac
SHA512 842883caebe6c79bacaf1f16ca38861bcc51c3fc966a2d85b70342dfd6f789b3ae9152cac6f527abacc0d122127fce4e303e33a04e3dfbe92f40c820b818ed67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1435b681a292f72ba2122365ff49c20e
SHA1 266b353b395cadf06456014814dfda8eab2f1966
SHA256 5939f36e75e9f159491ab735abd1c1beee071263b74206f76d1d3ea81c3de354
SHA512 080c3e276b2817b33b15b846827fd06c0a6f1c650a7a97eb75f0c736c688c8a5fac77eff9a45c680382386b911742b5f85ee52d9b62e7a13027407547647a325

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8c5077eb745b953a973ad222d4caa724
SHA1 aaba764df8ae9047fa57a0a6659c3d7866acfa42
SHA256 b2347948713f3bb070fa8608c5819240ad92f38c0f2ffd551aa115b1c4fb0a01
SHA512 54827ab8e62ac8a9df4d613340c07cadbc9d51228388b11fa7d1165da5c89da37bf34ea96cf56e916053b07ea0137645f1c2a53cbd5db686cf41311dfff48fec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 71eae4aafc78254c0dfb233de6f32a9f
SHA1 026483b86af842145f51f1399a4c57e17f847a38
SHA256 85baabed588a45331b7e16b434534e176e841964beeda46bc478b1b3773837fa
SHA512 fbf0daeaa5d315fc996cc9f294f9f86cc54293f6f328dc4ba1c4d733ce5b343c685602118120128d482c820838da9b0c52f3a6d9c2e6beb7ca6e16386202c4ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eedb0803ead1a0a2e1c2d74d91331a2b
SHA1 66934077be90c1772297771e75d3b19e625c6169
SHA256 3cb705881a80040dd347dea3a67c22fc38ef150da9f79a771e9282d6b6c1076f
SHA512 072a9d1a2dc3b6c08752da73d4f67abbfb04c054e51261a6dd2d033425c5dc3e25383faec0fe2dc068ea9d55d38df3b9c94cb32398c888902a3006bed8d9673b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bc71083466321ba7b81b29586a76bd81
SHA1 ed4a9e8a69d6a6f827cd22bb544ea87afa992fd4
SHA256 1295dacc9d4aba483809a683348e2e6c1b772f83149feac752b342fec52fb037
SHA512 ddb8de1f5975138d425e7a9dbf1ce8727e1c88337603ba3afce7b4431740aaa152bde3c8b75ee7e6cfc8270a746ce79c09705775662b6c4a25144fd4c83828ac

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ad839b63fe1fbf9d956acdef244a14fb
SHA1 954b93965cee4f4296d5728a8870f97fd7e213f9
SHA256 73d003ef1ade9c446ea8a989e836b1f0ad80558bc81b87260f551e6044738e42
SHA512 69bdd9a1dc465d37334055bcd22cd8fcfcd28cbb6b968d03e825c0ceff347ac54b33c6157de6dd4d9f2ca6f359ba62072ba630c69cf8bdcf733c0af428ccd6bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a7153b9834ec15299eabc84877a7241f
SHA1 745c5cf6fb8120bcc209c17cc5c353720e776689
SHA256 b0e593de14414f93465de05e18db80c188696796327c105a98f9975912f6fd82
SHA512 c2a3a253176fbab52813b2bad0a5d39b28dda3e971e5858c651b712a5ced979b41274e5f8455a206f952df2e2015769871153741b3f301a456a24976cd1047ba