Malware Analysis Report

2024-11-16 15:47

Sample ID 240219-ackh2agb98
Target bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80
SHA256 bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80

Threat Level: Known bad

The file bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 00:04

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 00:04

Reported

2024-02-19 00:09

Platform

win10-20240214-en

Max time kernel

300s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527748515609939" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 232a8127c762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "414463203" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 104ce93bc762da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 901c361c7663da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2823555597-1618944607-2277500087-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 828 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 708 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 508 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4932 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2448 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2448 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1492 wrote to memory of 3652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1492 wrote to memory of 3652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4932 wrote to memory of 516 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4332 wrote to memory of 5124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4332 wrote to memory of 5124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 516 wrote to memory of 5164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4932 wrote to memory of 5172 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4932 wrote to memory of 5172 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4932 wrote to memory of 5236 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4932 wrote to memory of 5236 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5172 wrote to memory of 5248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5172 wrote to memory of 5248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5172 wrote to memory of 5248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe

"C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8c6919758,0x7ff8c6919768,0x7ff8c6919778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8c6919758,0x7ff8c6919768,0x7ff8c6919778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c6919758,0x7ff8c6919768,0x7ff8c6919778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.0.2033906642\1184746714" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c34be5d-ed3e-469b-87bd-84881e43644d} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 1784 179ea1d4058 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.1.3914780\1467175069" -parentBuildID 20221007134813 -prefsHandle 2180 -prefMapHandle 2176 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90940595-a820-4d79-90af-f6e1b71bcb8a} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 2192 179d7ee0d58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.2.1866464868\1147225273" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 3040 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b96c9df-fcb2-4a30-998e-d30f6632cde9} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 3032 179ea157558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.3.1199052726\1960572787" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8443361d-1d3f-4ce9-aa79-f20f5b5ce276} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 3460 179d7e67e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,1042814585318042813,14783941396114877166,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3648 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3636 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1828,i,1042814585318042813,14783941396114877166,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1844,i,6884774135450327763,16086083480808374917,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1844,i,6884774135450327763,16086083480808374917,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4736 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.5.470475836\834718643" -childID 4 -isForBrowser -prefsHandle 4636 -prefMapHandle 4844 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0782a3e2-6e0c-443c-b239-c8868db1efaa} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 4836 179f0bc7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.6.1482418406\762852187" -childID 5 -isForBrowser -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8b546c-b936-4dd6-a87f-a50eaabe811f} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 4996 179f0dd8958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.4.955188929\222801028" -childID 3 -isForBrowser -prefsHandle 1632 -prefMapHandle 1504 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f73c9d-d6b4-4273-b7de-5f1d6b72aa9f} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 4636 179ea1d3758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.7.861211881\1899057433" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4108 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eb2bed8-48ae-4de1-9d47-121177c1a488} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 5408 179f109ad58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.8.1788314242\162700522" -childID 7 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c25e65-49db-424d-85dc-26b2172ccb91} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 4852 179f157d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.9.1073920653\1717379186" -parentBuildID 20221007134813 -prefsHandle 5792 -prefMapHandle 5784 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffe85af1-4133-4f78-b241-32f201e8534b} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 2660 179d7e6ab58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.10.780096374\136497663" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5936 -prefMapHandle 5928 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cdf333-5364-4969-8100-a03570029400} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 5944 179ebabe858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5164.11.446510110\492709357" -childID 8 -isForBrowser -prefsHandle 6296 -prefMapHandle 6292 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c24d821-aae1-4d15-9f07-88deb7ac8e08} 5164 "\\.\pipe\gecko-crash-server-pipe.5164" 6304 179f08b6e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1860 --field-trial-handle=2064,i,3560786831972372788,3870268272498224884,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 m.facebook.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 44.239.198.133:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 133.198.239.44.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
N/A 127.0.0.1:51045 tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
N/A 127.0.0.1:51059 tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4.sn-npoe7ns6.googlevideo.com tcp
SG 142.251.84.105:443 rr4.sn-npoe7ns6.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-npoe7ns6.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
US 8.8.8.8:53 105.84.251.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1---sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 134.162.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.200.14:443 play.google.com udp
GB 92.123.128.194:443 www.bing.com tcp
GB 92.123.128.194:443 www.bing.com tcp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 194.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 121.150.79.40.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.204.78:443 google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
GB 216.58.204.78:443 google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
AU 172.217.167.99:443 beacons2.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
AU 172.217.167.99:443 beacons2.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 99.167.217.172.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
AU 172.217.167.99:443 beacons2.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp

Files

memory/3424-0-0x00000193B8C20000-0x00000193B8C30000-memory.dmp

memory/3424-16-0x00000193B9100000-0x00000193B9110000-memory.dmp

memory/3424-35-0x00000193B9200000-0x00000193B9202000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b78e8c9fb6178ee8dd7019ec1b3d04e3
SHA1 c6eb689582269d73cb24f96ea59c6477d71ee1c0
SHA256 f97691e9367e4d16ca5d492f273751becc0c34ec2a5890e0d49b0b7a399fc729
SHA512 a0dd248a1385a7918fd90a1319cb82bffda200a2695b8205dd54fb04c3bd4e664cef5546e5c0418d3da61c599f0944666b23359ef0d01a2798c294fb0529eb4c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d2dd371ccd7bf95ae0b8f539509e3af8
SHA1 bbd3ea1d2805471ee379b8187562a4c6b3e30bd7
SHA256 537f552f79a1568366289572e5f82f7d6df07104a012d81a2b676cdae103c18f
SHA512 0d91b35a330dca2e07e1105789e3ff2376b2fef41a24462e090d960d5cb9e904f8f8cf715412cce2be64eb8ecfee1ad97cad113eef7c9d9d321eca491cff02b9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OD4TV561.cookie

MD5 103785b9d7c5a21001859e323b2538c4
SHA1 57cf94073945322380a6c63171a83f2534befc22
SHA256 2fb8430319fed75d9b5ee15f988a86198cca594f70658f808a39e21ad1815b62
SHA512 8dfe697925216905150ceb0739a685e15b3c1c1bf7d594730131ee4c270568621b80c82c32389609785ad21740f09f2d4771660a5e73543783b07562244e0437

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ME8ZDBN1.cookie

MD5 a083d79367455e819b3fe8952975238b
SHA1 0cccbbe8979c2fadbb688cdc6363f7bc04e3afc3
SHA256 b803a28a73e10ad90b02dbd1d9254bd6de6074d3952b217d49b8ef302f89e855
SHA512 381c961b363843b58545febe84f76eba67be987fe0f870404fdaa44dbc125f8377dcc83883d8e2317c7a971414da1225e7cf72280403fcded10022e5e2faf855

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3AZM5504.cookie

MD5 bf8b705c03a97b7ad07684ef0b2b0553
SHA1 ed59b7b6b328a480fbf18143bb700ffd87a26f8a
SHA256 7a9ed08aebf57ceb070ba6fa33841b67d694930d747c6c00e28e72ed56136426
SHA512 e7db917baae634dde1e42ba15a71b9b914e6d5f62f5695689a14e5074f0bef1303100d25c3b6fea94cd6b126780894cb5f0266faf02c9889fabfa28ca197c65a

memory/4952-125-0x00000220514E0000-0x0000022051500000-memory.dmp

memory/4952-136-0x0000022050F60000-0x0000022050F80000-memory.dmp

memory/3768-194-0x000001F87E820000-0x000001F87E840000-memory.dmp

memory/828-224-0x000002C719720000-0x000002C719740000-memory.dmp

memory/3768-285-0x000001F87F810000-0x000001F87F812000-memory.dmp

memory/3768-290-0x000001F87EAD0000-0x000001F87EAD2000-memory.dmp

memory/3768-292-0x000001F87EAE0000-0x000001F87EAE2000-memory.dmp

memory/3768-294-0x000001F87EB00000-0x000001F87EB02000-memory.dmp

memory/3768-296-0x000001F87EB20000-0x000001F87EB22000-memory.dmp

memory/3768-298-0x000001F87EB40000-0x000001F87EB42000-memory.dmp

memory/3768-300-0x000001F87EB60000-0x000001F87EB62000-memory.dmp

memory/3768-302-0x000001F87F8C0000-0x000001F87F8C2000-memory.dmp

memory/3768-304-0x000001F87F8E0000-0x000001F87F8E2000-memory.dmp

memory/3768-314-0x000001F010AE0000-0x000001F010BE0000-memory.dmp

memory/708-313-0x00000249E9200000-0x00000249E9300000-memory.dmp

memory/3768-321-0x000001F010040000-0x000001F010140000-memory.dmp

memory/828-327-0x000002C81A870000-0x000002C81A872000-memory.dmp

memory/828-350-0x000002C81A9E0000-0x000002C81A9E2000-memory.dmp

memory/708-354-0x00000249E9200000-0x00000249E9300000-memory.dmp

memory/828-359-0x000002C81AA00000-0x000002C81AA02000-memory.dmp

memory/828-363-0x000002C81AA10000-0x000002C81AA12000-memory.dmp

memory/3768-391-0x000001F0140A0000-0x000001F0140C0000-memory.dmp

memory/708-384-0x00000249E8760000-0x00000249E8780000-memory.dmp

memory/3768-398-0x000001F014820000-0x000001F014840000-memory.dmp

memory/3768-394-0x000001F014820000-0x000001F014840000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F81CZI6N.cookie

MD5 7f4d5b2bed620ef8f36b8326cb4d78a3
SHA1 2a89583734db9e3f3ea54d3b9ece0218cdfbe080
SHA256 7fdc022e0a922ddce04564b3f12d8e9d9ec25834dfa787b61ecddb2d49292eaa
SHA512 91b81bc56d0726d94d82e11e41458e4411503758afb5d22eac386d0dcc119924a6a84a6eaa147af8f7f83794c27057b0f3de4045db07216d7c0502a98bb834fc

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 1ef0499b9cac543c54c5c3b295abed17
SHA1 35bb26d7246c79e0f6f5c5de0c0d6efecb1f635c
SHA256 84981048d0aefecf04ffe6e088027413b58097b2cb37a24dd3ed8665e25fa38e
SHA512 72e7071501d9241555fe76e1c7447113c8cee83fad23c8491aa881cac8066e3b0d64c27b674937d62a314bc854fb71027152b40650cb22283532fd3b6e051330

memory/3424-505-0x00000193C0410000-0x00000193C0411000-memory.dmp

memory/3424-508-0x00000193C0420000-0x00000193C0421000-memory.dmp

memory/3768-519-0x000001F012600000-0x000001F012700000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TWNHXB25\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\N8CK3TVM\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/708-547-0x00000249D77E0000-0x00000249D7800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 9658e9006efaebb0b23e66267b7b94bf
SHA1 eb513f6b112b84c907e13badfcddf925dae19539
SHA256 23addf42d3c284fb523c2a76127601459f1335151e465fcceee0ae5adaf35583
SHA512 63945307740cb266c47292fbd39565e94a4ef61d4bdda1dc2e1e8af1a7b04fdf7a2dd0b97e69822a099df4318545c412ac176feb0661579c4cda53ce6f812292

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 b5fb3ff84848adcc88c2e69f1324409b
SHA1 948fa9fa9d4b973705b7a9757e726bca6d34e5e7
SHA256 54c346338e5ea2d6a7e80bba785bce173de59186e92c42cb1c4f31aacfce6f45
SHA512 eaccd2514f45ff818d7a0837ac23ae00a49c82c8e8af1ef9a51dd4a7a3d8de3cffa052816c7eb29465dc8eb15008507f4420bc91c47f3025cd12822121432224

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1H2PB0WM\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\4il73qo\imagestore.dat

MD5 2a013faed9ca48b157afa1fde35fcf50
SHA1 117b19cd3599b930ccdf9e2d4494f232f295a66b
SHA256 224ce0ec06b055e4a5f99a11c24f98bd3376757a1e86c10cb04ae93c4e902149
SHA512 bcaf3af336aa0383f127f7d885f7d68798d4ec630be062f025ecfb477cbd534b0eedb492ff41eee4e7e6ad6cbf5742574980a28753c94f142cccbd887bd5b730

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZPJ0TOZ1\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5W25DODS.cookie

MD5 cd5cb1b28a328e7319789dc3b3f9f341
SHA1 e4d74b4b22dfa14a3b775cb4e7340b7c2af546fe
SHA256 facd9829cb572480944cfa98f6ede55ff48543e9107e05a2e6382ee19c033f0d
SHA512 a00e0b164c5eeb9b1d444dcf5f35e1e17fdd28c9857dc4a89961539b7f6bc9935a36400a021d6b96ad160806c86f5b4f476d2467fd8612116df5dad197835e29

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZMGPU3Y\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2WRM5WJ\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZMGPU3Y\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2WRM5WJ\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\desktop_polymer[1].js

MD5 69998e173b8c146479488bd8d7fbfab3
SHA1 d343051522769f5c16586f6a67e045d830433597
SHA256 cc3eeb6e34a2db5a5b28937da61f6eb2bb56b0dd2eb1e26d0edf2f97450c41f2
SHA512 9c37ef552bec6e3d0133ad1a38ca422f2bc35aa0361215ad73d6244b8087761859f7f02202f2e119aa260dff60941caa48a3a818693952e2290408b1342cd979

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZMGPU3Y\rs=AGKMywFmFK9jjLIxwwWN4pEJoCiBPHkrmQ[1].css

MD5 27de37132b983b7fac907fa7efaf7c82
SHA1 4125ee5d6d304c4e691e11f18a95f30f299321cb
SHA256 ad234deaf3f600a53da0725a32f21b3a1b79fc2113c48c7a8f1361ddde3aa7c8
SHA512 bc246cca304011ac72ae73ac1ada881673c7929ecefcfbc5ed38d1b244bfeb3167a58d5a3520734adf4fb19e72edc1137c818c7a305a916f2797433cd0637497

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZMGPU3Y\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZMGPU3Y\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\css2[1].css

MD5 31aac18e149a751facc1eab7954dfb7b
SHA1 36d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA256 42706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512 df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2WRM5WJ\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q0I6OQ9W\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 4deb73cba27863488af3c495414e45e0
SHA1 09dbabe405f352b0f94e91a73198bc182f7c9c8f
SHA256 943b2703c403005cc94d0b3abf2aaac503ac70a955f9406d458406d5db9c6781
SHA512 f42976eb35b8eb306304bc15575ceb29cbe000254d238cb9dcb90f1d133e035833fc6b8fc4fb2f96cf0430d4ef840881ace26ea4f99ae9c09d466d368211f263

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_FFB46CECE484AA2EE6ADD02001DDCE14

MD5 4b11f7dc446e3661eb9b58bba44ca5e6
SHA1 3d53554a3ca71b98e24591094c22bd85535d13a3
SHA256 5d0115a1d1b3f14794d198b2c6c4934c90720f98f8d73ac304aeffc347738441
SHA512 003ed225f6bc32859fa8babbdef39a8903b8e0692ebaf4db40cf60001d7ad4975cc07c90662a8923750d16ab5dc004a97d42f58982f9728dd46cc24e04e3e3a5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\331P63Y4.cookie

MD5 a81124d5e2261e3fd14986f14e485dac
SHA1 2eda30913a71bd27f8edfa37839811457a422fac
SHA256 bd44cc03fb7e9638b4534648aea9ffb427759490d9eab7f7baee2caa8b249598
SHA512 50ae950a8818c4c8988a280b63981d168f2160676979941c6bec0093e2b7caffa6f8a3a93a9d06c92a1d1236eed000e2d6149659f9b6374a5986f8cec566c01c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 e8e5c0f2698621f0ea2b596d9ee1d630
SHA1 c4dd0583c1cf53c845d540203edc89ef8f42582a
SHA256 aa5f9ba4d504d6f42f20fdaecf3a37757b60c03d0fb0c29ee270bc7780c0758c
SHA512 3857ad72712000f359ad0737031f46a34f7c10b53d3d6feb104a59492f4b24734fb611ce4eace312a6feba65f27ad419b36c4a57b52af8dcedec251ae3d5fead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\datareporting\glean\pending_pings\f1cd67be-8119-4f1b-b3b7-f9b8718e53d2

MD5 5b0c90ba35e2527cec5c0dc495d351d8
SHA1 6057c13095806f22d190d15e133f8b2b8b58cb01
SHA256 ec0e6b8d00e505a905794312543a4ddfdd8974ee46e4ef98a0f95ad0b022cfdd
SHA512 cf0d0501e3c1f3d6d12db4ec28f9cefb2da35101df26602a4ac4e7485d9df986db445c57c10d173e2d211bec8d856caa8450961cea19b11c45258965504ec09e

\??\pipe\crashpad_1492_WRDYYEUQIWVXCJMI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2d411b852df23a9ec8d414a434042aeb
SHA1 3ab70fa30760842e8c552f035a63f6809a039945
SHA256 8edb6ea7e539a3735833d9a756675caaac9f78a672cdba76482cf7a98d95bdfc
SHA512 65f14b937a6826bfa3ac5e604aaf72207f54940e5a077989d4521f6250541112bbf526d6033ac307d2160b5e58b8e037de371237718f62ac860a958a36363eb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d28a0316001e13139bf48b0a5e41d4be
SHA1 9a5e67cac04149ec967794e2d20e15450bdf81e2
SHA256 9756f3e93e49cdb40cf01d27354dad9fd0e95ba8c3daa5291e43f4d8633fc2bb
SHA512 bdba950658c095b9ee971378c6e94e48dda989cd397a8bd2d359343982d1c095fb0b974574df7fd5e5acb8e656c2fe0ceef9d95dcc57a7891f42c3731fc986be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\datareporting\glean\db\data.safe.bin

MD5 fb06963f35a5464fe8f9fbe82c059a56
SHA1 82282feea39a478a094fbb34f0c1d338b014aa3f
SHA256 e65b1efc1471c4c96234daa7becfbac6a0accd32805c0d64100b1b700f07b3e1
SHA512 45be0814b31db234f4e142b57acefb816faf5e3738fbcdbb33119879f66e1850b5281f846bfad894f3c1872fdaaaeff609ddb23a5f4790806a14972197605f84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\prefs.js

MD5 b0da747d00ff062ab1a99ea05ce9d04f
SHA1 e0946f6daba15b8a0f96ba1e8808047a80f69c12
SHA256 0b0c5f427040ebf863726a77bfa1139ccb4f2f1256945a95a2b1fa0356647444
SHA512 c40bd796056e948181b0858f45b82df8220a462df59004236bfc30b8538128669ec465ecaf05d16aae25cbdbc992abe52ce1b3368ed3ed9f60831d2399b99821

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\prefs-1.js

MD5 83f616079234d7dcd2f9af308679d845
SHA1 6563803b4c38a3bf3f31617d5f20c69e333b8d25
SHA256 9a7d8b063336d8875f2e4ab7dab91ebf34bbed9fd0d35cc47cd3798b749ae095
SHA512 79e4fe704b25a266e6c41c5bae247ba946599407e46b657a09f35caf62409becbdd2a9fa30462721d88bba645d86ba8b4354d2623f57ef2090e379886e742515

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ad4aaa4a67e8a6228ef0425cc69562f4
SHA1 b5525e1544d027a1f46caccb96714e0ca329e542
SHA256 d461b4d7017b75bdc33725df5a670b6afa1207698419a95af19a09d9ea5dab1f
SHA512 bf6aedb24f1e975c2c118cfff64fe8363533303ee6bf6718366b8fe540757f582458b88933871a4259b6eb946118355f02e27ab363e928bdf4ace2fb6a6a841c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 82816680b7b88aed6466bd34682cb41f
SHA1 40c83ea56a4a0e6afdf12cca7c351e26ab2f8964
SHA256 6c8ce809ba41c6f1daf31000e316a3450c55181ff95111063e56784b39ce6e81
SHA512 c8801242e6f8d32f26ebcbba0a6f0aa35f64d723faba4317e37fdc4f529b97089c262b79e456ab02dddf83a9275d719469929a723a011c6123e2c86893845f3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57f8d7.TMP

MD5 e1d7b32d785d6c3e36304d5da0ff3b74
SHA1 99f029a9460f7c589fac062443f661cdf47f5573
SHA256 8e899dabd5fed33d91aa3ad7d953e927ff8524498746d532643cc4599c16a16c
SHA512 615d79401593f3b808e177e98fcd2c26558c39fdc871ea045883473efca82dd707f3376ef8adcf4172ea02e4810acd63c251c3440519ca302f47015c4705cd8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a33533ccd0e19ca12dc1d0eb865b455c
SHA1 3704c13078e0afdace2322cce5fbe1e19a026287
SHA256 bde2c1b8152dc087b18b82582643fa957a4bec1368101704f8b7ebffd77503d1
SHA512 871f7504701a37cd93cee3b7425b91a8fd9d08021f88f98f78ca42105cc6a56a5f16823eb05774db34ecbd2bdc441d61e9df59c5bf6b0837090c3bff337456d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 39dd3b4c498a22560cfdf9f6a48cb272
SHA1 4abf441fb97b00a16f350d659983ecfc746f1bea
SHA256 bed5df1ed4ae50cf49783330a9d5e16becebc8070c5a19ffb2750b4e7d3a10a7
SHA512 2dd35c2ee82ee46c660685a0fc104f04c22b52f7952c5f89f2c2150247157eba191bb9a4053c162b09855490fa382be5a70b7f3ebd3e50cd5d26d7d364fdab24

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E

MD5 9269cc6a1bc02c8997a2486ff42086ac
SHA1 5c32d2979f693dbaecf0ad1704f36d3178dc14aa
SHA256 5f8f55d5c1bd86a5301d483378542973bffe798790e476f304082e16351c45dc
SHA512 c9915705bafb9af8ab3527c10689e40b8847dd8d0e58fe4938ce09fc1bad7469b652a2f6ad7508d630c1e2ac0ba788a697a8e5cb844bff60f9ec0d72b5d34410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 b92f07ec192c3ded7a920bbc5b1493d2
SHA1 c9cabcab04ea5264b97b7b0bd292ad95bee38abb
SHA256 1615ef7eef1f9f770eebca18ca117d5c8eaf2e96b547ec08464105a0033e6d84
SHA512 486504fae81f52929a1f9d3335c804499eeb1de1b976e2c3f83a3264a76ebf754619dfaa2422055a0f9dd4535daab95bc4f3a517ac446b498876442dea705528

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 339ae47bf92d6cc331615eef614e60c5
SHA1 55648321900147a8dcb5a1070d00ad35d601b454
SHA256 de8ab38ddae6d5d0dd31755388ed6363128808800becd9dd31a90b3d6705db37
SHA512 fee190ef5569a502ed440c653025f7604e58b87ff1c88aa115afd91a6fa887b75fa40fb5f62eb8afdd8db90ab4e9e41e739c6deab4f460ab2b1693ee05dc06c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2fc7682a6aa37c9f02304ac346a5b57f
SHA1 8bbe932eb95accfc253dc1747600f6d8f01b6738
SHA256 33298f77a92558036080b6fe427a22c42a585b6d63774a4ea73fd48826c10685
SHA512 6fba4f2edc83867d229049909335c4f1e46faf3e07d13f1a64e12dcbb1bdc700b082e5a6688a6e49908f9eece9cf7f968b63bdd90bd9cc27a65d3583f0501192

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ER61J7VR\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 404483093f274395ef59c53e0d7004ff
SHA1 09f3aecc4d33b759f782eff7d4036e052a8c01c7
SHA256 24708e9b1ec500f24745e5f20b8839c28a80b562364551c1ee9eac1f5e68a3f8
SHA512 b7dd3f0680ab669ab2decc68989ab7b924b37f9f51cb2e676aa7f1dfce8a1247dc6d194794635dcf36e60b79a201b9f85f5d967c90995eec13b681dced5d766a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0503ba0058dac9743753e0409dd4133f
SHA1 818a53727fde337030eb9033974a4dd5335d18f8
SHA256 ea184087850922900939c436a40780ab72508063ea8919f3180b41b7d3072b75
SHA512 8bd46ff68540b2a09c0b4374be7961cd6d9c3be00e43018d647f26c83b63fe15a5c62b7bf34785188339d6d140aba13aa2b683e5f6fe224fbd00810de6789921

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{c569acb1-0366-438a-8533-10877b7c18a1}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\storage\default\https+++www.youtube.com\idb\2495831904yCt7-%iCt7-%r0e0s1pfo.sqlite

MD5 d4056a8778e5c203924c84c079553579
SHA1 126ee825b685f03c149be9a1305293fdf6461855
SHA256 1872aa2a36d64467f9a36b5c2a7b6bc49ebf751869540272f6481704dd675d07
SHA512 76f820bec1dee401efaeb59582b845343ea8023e3c717e82663c4f7f6025adacd45462c52dbcb2c430eeaf08dcf1357bb0ef9a9476f6860fa054fde28cafd386

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c1baa702179ccd1d6b36cc2a5173706b
SHA1 8f8ec0b3a855e0d5cd38a4f0ba5a507489591da4
SHA256 d7d97c25fc241ba1be026ee88a42a8e37e1b4665039eadf08111bebee9e1e6fe
SHA512 30e1e4bb1d5054d6f378c74e4d3e177fb3e5318c733ebee9774262bcde8e126ea9c2ae303fd71d801c312f52d9f1fd939f8333bcc32f08872f85a9c7be9d5133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80bdf1d3364865299cbdfaca3e3ffad3
SHA1 eff57b7169bd430354a434571eeae70caea4dbbf
SHA256 2abf44b6de3a447d6addd680c806f248197863ab88292a4b66ffe7b4f8e05e9a
SHA512 bc876a2a0c45e05dc0a417a00f2e47595fd601a93bdf7975abe9ad736bebb456703aeeac1cf1ad32e1e2196161d7b2c47e6a49cce3134a0f7c3fa8ba6c369bb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 79bd1c42b849f5622177d68e7ecc31ed
SHA1 9738399b6093b614d51fbac01e885b43f5ce6286
SHA256 9d9622d411d9f9a6349b485bc6423add00f7f8a6bfa3b99754bd6d50fb056ae3
SHA512 4586d854f360e306e67a73975df5f10d3350cc5b644ba669e0188389feb2af6870871c7a3811ce7aa2741847645d4296ae4ed211b908a376f9dfec25fb8047ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5847e1.TMP

MD5 e2add0bb2c536145e04a38c3a57ce97f
SHA1 ce9dbe1b95838c8a3e1b6147db4a352b86f5e606
SHA256 2cbce10933b65d9ffbe914dd5a54b4e20a04d87830d72261d9fcdde372bfdb01
SHA512 09213551e37b7bb45e5767cdfbc8dfb70dfb5a9996d6d6349add923e24f7a9e69fe17a103ccbd9fe01a28f09323c1bf391befa635e5b20875cad07f143cf3807

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c5c6b4b4a57e5c26bcc75a790a8f3022
SHA1 4147e70fe17c35e2485297e149b0bf266b1ca47e
SHA256 fbe3686778a4ef1faa180743bd366927d661caebc5d3039ba746159cf0cfaa8a
SHA512 0f170b304bc561bddf7934236f98bf324b8ee025efecaf93ca92a9d7726bf0fd4a8a9af5f454a78ee33e0bede38ce59c49e3014f58589e0bbc711e3a5457def3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O21J0TY9\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\prefs-1.js

MD5 98c012865c5a9316e9a5c28df47457a2
SHA1 4b3c8043ed5558360eb5b0af7fc43e6e17abd84e
SHA256 a06ef473ab4c88ec952d73c6c42c0d2899b02303334573535856cf0c8a0b2d0e
SHA512 e33702ae85259b6fb70e8c525f5db03d5199ca4871bc11aed553e09bf15002f00a47088723014d7942c342589bba1424e884c4e14083ffd5e7f8fc22e7694291

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 7a5f2fa4f98d80dde106e6b9883a59dd
SHA1 855a290581801c8a254396d11701547466d18618
SHA256 5f07e27fa190f84bd7610a3c414f75bed21e87476c3d7cff1a09ec9e5348e468
SHA512 3eca007baf72da89f579a1e823068777e7cc3dd4fc32254a1d513b87bf06c42a34d8881c5eba6b16a475860cae08c88de07f0893be331ba5053274e63163ee93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 0f422552ca685eca42e38eb4af6c0cb9
SHA1 65194f36144fb842f8b30921e6b3a935f130abe8
SHA256 01bb145777c1f7b2b774ff10f7d661f3add64f47708448c7db3fdf92159744da
SHA512 49aae79d34de05cfcfc2be29d96fef2398787adfbcc203d2be44528e94e5f64d2f4ba36da19a18d5614b9b3106149b921c2248090ab7f4eb6dde491fb6f7fa4c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 21a6fcd6d1fceafae106bf4e00c4f903
SHA1 cf1e2535e11b394e2f4b24173bd9527bebe3d481
SHA256 7da02ec5e8aec1074359472bf7b7de820ddf54494e233a4c907a410c18f7737a
SHA512 1084c71f5c4eed2e17079d5709d2456eaebec6ead63d7cc2a59b7383225aa01cd53f9108ca9a247736af09d65c2392902fd12c5f45b2bca191e474ad3843416f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5cgoe7j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d5c9dedae73198230df49b4bed5f3b27
SHA1 0ad52d7c51b40810c9a92f8d1f8e2c791abd2923
SHA256 3a7e60975f00fc210976d04330a01fe073a31ba088f34c85d889d42db3aa48b3
SHA512 a4b96c65b0b6b1305e406871f041e0bf51d74704e7129b78b25469012278305d9af45ecf78d42f89b35c7e1496c43950f283d74ae82a822772bcdc9b5e36c979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a96da1464611eab403c7fa7aad64eaa6
SHA1 bd3aa549dc6fdda910a9485a8a31a65d88ad2768
SHA256 dcdb15ce3329f480775035eff9f353709d32e31c1488bf7a2b61f0ba2f627c1b
SHA512 a381f213b09c01cd27b1784b739a98af014e5bab2b69f463552fcfe3439c76cc1633a5657f91d221aaea4c4f0980e2574badb8c601d1af295baadaf6ad8ae897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1103c53b8bd67bce553b00ecd91aa185
SHA1 40ddca43d408a95a515fc682811d563f9c1c4bbe
SHA256 53256a4363df2d47f8354d47547683af4d112d6e5e1585f9e111c4d6fa073a34
SHA512 1f5ed3a66e4e292e06f6dfcd6d436b60dab3b3a572885ad47edfcf5b82619f5f4285d6c5ec4aebe1f7d3664efb5730e1cf07ffadf9e49a4b0a9a4803e811ef50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 65620f77966a46d4cf8e6c932761160d
SHA1 3f142ad73190289fcf2f219dab50bafd66c11d9b
SHA256 8aafb691278d4eafccf9f39209232c75d01ce70d8339a76969972f98a21802fd
SHA512 6771cb8991b1578e7832f4712e1635562aebd0c8883380b0fadb1b4e134c0f31ddb655dc1dde2817470ac8d4c90899890fb2cf901bd4f335b17fab4b7100f70f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 80564e067d8a4015d5f412b904093ef9
SHA1 1527f809071ccfba0f39089a2ed10e68fabf657e
SHA256 20f5ed7659ba8a37ed2825e8845e63ef59716fa8414f0c05472d113bed2b705b
SHA512 314779013d6a789900d528a0bc76ee6287484b9fa3ca47875db7071360b851bd73937c1a76aa0d8fe3e082c091dbb2eb5470a15fbc058bcbac96af81ab0f4fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 55bde7e97ba43b61dc860195b2f3362d
SHA1 889b140cedf3e356564983120af945aac2fa71a3
SHA256 f4abe9494a67cde99c0aab55cf0b3e4a4237348c0aa22b5781b27bae16038576
SHA512 c311829f1d529acfa04a78ed31f7030bbb1992b354e49c6a1a893e7fb721ee936e7ffe64b02d37df3bd501bbed7feb0c409817606e72e8bcd2a2f76d43f90d88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e1e8c2a4-bf84-415c-8ec3-627f09dfa776.tmp

MD5 c3e238ca49b9404937398b1feb9c26c9
SHA1 a9cb81d0ae1b34eac51b4b2ed06e79e3bb48daaa
SHA256 4594026406f54e190f331fa4cb5a6c467448377ed44703566fdbd835ef21e821
SHA512 03e24a3b10e5b25b834a601f3fe72b1e40b503c903b3250a283e5333a3a5860b3deaa5b719ca418ad61dcf7e3b43e9de1cd68a815ab7e14531ab1dd1957fedbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 74874ea200ff502c318785a3bd108db5
SHA1 9d62d8d38b6c9595e525012f5591313ea99e263f
SHA256 9afe40465c7897a436c9c848337acf7496215a8dc0b4a0364d1db369923d2b03
SHA512 2ced724b39ea30096944ef03e8a7480b61362c82310f4a45d4481a5619c5ebc773c82bdb03ce9a6eae655185893fb1ece567b23bfdf6e8abdfdbc68d2bb07468

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6b360212170fc5598271d8f2dc838c69
SHA1 619924ddf088ea7bfa71d33c1981a117488b4e12
SHA256 e58c7a69155b8dbf66c19fc322ba31f2efd20caa628d8c8456c3f5fb710093c2
SHA512 7e21cc1a347a7ee47524a6398ca7b1491c1b1ab90e49f9d86cf308b8bb5455d8a6334c1dfea63b9d9facd567ededc390d0180edb93251290f5a7e0a53022ad44

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 00:04

Reported

2024-02-19 00:09

Platform

win7-20231215-en

Max time kernel

60s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000003bfc434e0c3b1ad3bbb46d34c020c5dd368a27ce6a4071eb2d8535c1b301ada9000000000e80000000020000200000009dd4ba69837a13782734646dbe9b66f44e281a36088a174921a6e14bde9d362090000000c3e33564a567e532cff6c3d96db047ddcc4dcb84d86ad5b606b1a6199972f268ce66ba952305ff94f18b0ed4666a7f0982df526d49d024838ffbeb00f3252c61f14a4fc8210aa5fe1a65f5f69bddcec49e78ceadfb85e30ea448d75831fe492e1bbe1e72e783d426005d8057a24ce1f68f2202c664dd267bb75f5d63852031007e0587b0fdde6f9bdc31ca145094f1f4400000003238093f0c279c35cdc170dbd027976f2fc862fd2dd49a4f077b3b2edf4936bd6d13049577792da5ad4712b93f5be125fd89125797c3e5ae53f5fef58d32b176 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6629E2A1-CEBA-11EE-943A-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6629BB91-CEBA-11EE-943A-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66229771-CEBA-11EE-943A-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2184 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2184 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2468 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2852 wrote to memory of 3068 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2852 wrote to memory of 3068 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2852 wrote to memory of 3068 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2852 wrote to memory of 3068 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2836 wrote to memory of 2316 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2836 wrote to memory of 2316 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2836 wrote to memory of 2316 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2836 wrote to memory of 2316 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2184 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2672 wrote to memory of 1828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2672 wrote to memory of 1828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2672 wrote to memory of 1828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2096 wrote to memory of 2104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2096 wrote to memory of 2104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2096 wrote to memory of 2104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2184 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2184 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2184 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2184 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe

"C:\Users\Admin\AppData\Local\Temp\bdd7da30212e7f17348320388b7747258e9423c2fec8b5da8a75a1947077da80.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5e99758,0x7fef5e99768,0x7fef5e99778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.0.1344972655\1574817219" -parentBuildID 20221007134813 -prefsHandle 1152 -prefMapHandle 1132 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0dddf40-4ad6-405c-a84d-c8fdf4310922} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 1304 104da858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.1.332020355\688496428" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4faa65b0-1527-41de-93fc-cc87bbc08beb} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 1520 d72258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2040 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.2.1549318328\2120167628" -childID 1 -isForBrowser -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f57b70a6-d480-4654-b4c6-3c174bbe8278} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 2416 170b5858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2052 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2656 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 --field-trial-handle=1296,i,8370556704191221108,2423392977089300682,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1296,i,8370556704191221108,2423392977089300682,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1408,i,10397192815076610098,3493055481034509187,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2788 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1408,i,10397192815076610098,3493055481034509187,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1320 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1524 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3444 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.3.1472290628\1634871831" -childID 2 -isForBrowser -prefsHandle 2100 -prefMapHandle 2160 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a420a24c-abb6-41d8-aad8-4a1d2064034d} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 2436 14bc1d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.4.1206684654\630273902" -childID 3 -isForBrowser -prefsHandle 2168 -prefMapHandle 1844 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de35c8e6-493a-4081-b2f3-542bbf67a072} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 2176 18148458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.5.471972170\635628231" -childID 4 -isForBrowser -prefsHandle 2816 -prefMapHandle 2820 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd059191-fc90-4231-8499-01ddfdcff0fc} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 2712 18e08458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.6.555222324\1743523231" -childID 5 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c86ccd9-9054-4647-8062-e73385d1aa1e} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 3556 d60d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.9.460084592\1799861184" -childID 8 -isForBrowser -prefsHandle 4472 -prefMapHandle 4476 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a258e1e-f050-44b2-a2e3-c978e59a4628} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 4460 20815b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.8.769547697\1762881245" -childID 7 -isForBrowser -prefsHandle 4308 -prefMapHandle 4312 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cedc3e-20af-4ba4-8b2d-01efe35df7bc} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 4296 20815258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.7.1200205253\446863754" -childID 6 -isForBrowser -prefsHandle 3432 -prefMapHandle 3472 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {697daeee-6e68-4066-a38a-73058a9e2dd2} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 3460 203cc858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.10.1153961529\21072539" -childID 9 -isForBrowser -prefsHandle 2116 -prefMapHandle 1708 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73d1aa10-03e2-4414-b354-eb25b4169db9} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 1880 1a0a8258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3980 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.11.1375839760\1644185666" -parentBuildID 20221007134813 -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26136861-6433-4906-b95f-186e5c73dd69} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 3512 d2db58 rdd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4380 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.12.901603209\1506953511" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55d6e14e-bac2-4334-a66b-bd3451b0eaff} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 4744 d5e558 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1536.13.1146262712\864559570" -childID 10 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 552 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43620cf1-8875-46f4-bbf4-4d75de0aefbe} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" 5096 203cf858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1304,i,1167047711273593209,13227977266766640766,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 rr3---sn-hgn7rn7k.googlevideo.com udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
N/A 127.0.0.1:50189 tcp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-npoe7ns6.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-npoe7ns6.googlevideo.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
SG 142.251.84.105:443 rr4---sn-npoe7ns6.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-npoe7ns6.googlevideo.com udp
N/A 127.0.0.1:50203 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednde.gvt1.com udp
DE 74.125.162.134:443 r1.sn-4g5ednde.gvt1.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp

Files

memory/2184-0-0x0000000000B50000-0x0000000000B51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6629E2A1-CEBA-11EE-943A-F6BE0C79E4FA}.dat

MD5 b5c834d32006c8e2813826402cd57eae
SHA1 67950bdf2e6e54e6a680c898c47c2eb312d0f3b1
SHA256 373975a867a3c39f2082ada9a3d25b1d180822c322d95d1b11981576378c690a
SHA512 a504a941273644ea2c47148270d0077748cf2139787d2568beebd496dc2fb8062610aa45a429480281ae46dd42c7f4b79a222f0e0e67b0166c87c35c4f925932

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66334111-CEBA-11EE-943A-F6BE0C79E4FA}.dat

MD5 a30cbac7a422976c19bd13a1dbe380b7
SHA1 9d0139674838ca61ca438a28465f46224f74fc88
SHA256 e7d951d0976a564af912b9035c8d795ca4a4e6e3f38ca316b6a80b93506e5cc5
SHA512 dd0d4494a6ec3f2d49a8100890ee3bcb6cffee25c50b13972a19c998829b75374768d9952769129e544281350f78e5084c19e9bd530ec984c38dbebe7435a06d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6629E2A1-CEBA-11EE-943A-F6BE0C79E4FA}.dat

MD5 5d9a7053dd94f9152d19b8e6e104cbc3
SHA1 c7f361e2b7bac27c2fbb869daf84d7572be37b89
SHA256 5da2b9d968f8e16642092195845edcd87109f0cf1abd152e80f6d0a42bbb9f4b
SHA512 8d07367afb7eeecc6b65b90a529a44e39c9a1a503c08c84bf25e84c96c8c2191c2e6da2bb2a0d8747a17c9f8b55d7136bd7fe07005df2502ca2644d316224ad1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{66229771-CEBA-11EE-943A-F6BE0C79E4FA}.dat

MD5 eeaeca7adfa67c613d91a0a4276805f7
SHA1 8f2abe79e2fa9f62a002f40a0928fc4840f11905
SHA256 ffee7dec64e26ecc30bbd75a53e078710ad2da1897d8f745f117566e6095f3ae
SHA512 7ae312e54ad1e824d07aacdce521a3f0549192acb6f5fa1f55615fa3caf5b11002dd596d74f909c5b9eb1500c8eacc96f1792cbd90b1956f0da57cc58bc15c21

C:\Users\Admin\AppData\Local\Temp\Cab7A8F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar7AD0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9da3b5b4a894c15d1aa6d3d5da27ee05
SHA1 0d16e87371ab9401b56eb65a272347758566941b
SHA256 5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a
SHA512 8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 517630139eb28834bf0357e442b03a83
SHA1 23055a8646e3d2d81dfa01e60b93d06927c789aa
SHA256 84930943a517b530fa370d053724c217fbe16743d8103925bf8eb5bf42476a9a
SHA512 1bf59408412404695032ef2c4f74879855089bc97e39a25637227f515eecb98639073ae1209e54969da3d98ae6438c7676521abbbe6d9d11598952b124dad237

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b39e1aef96d4f2c746fe3245099c407a
SHA1 16a388da091c31a039abe117f41f2445caa00b42
SHA256 590bbfadb51171b73edd71ed059f39175943fc5b72ec5f7207d34470ece26e9f
SHA512 9dd144c43b093c1e643250c66f152d552ea5f07a0d9640f3fc9206d3760d9b5c5132f5a7b2cf370aba2540216b2bb28b87cfc67831d2a77b32422c53216f717a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d094ccb7d06da665e4dd70208946d25
SHA1 52d5037b96187db3c3f310b286b4b49a491f934d
SHA256 aa1a3c8a11f8a849e1a7ee831fc36861bc42d7dc8e640ea085fe619281355b5f
SHA512 c344136f727a62db5a68e440e5f4e7839d0ecc8170ebf0cde8d5f534d56cb577c475e77e51ac8132a42228f7aa93163fb127a57507b1ca937c3e2a04f9def0a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a9977dbf50c960c4b006a36188436f1
SHA1 5e0a2039a81af3cb4cb9b65a62bf549b10cd5e5f
SHA256 758f89dc2ac55fbfbb213da986bda83808bf66884ef05008f0851ef6f96264cf
SHA512 5e588b7fff70c39ec3d8c7105d6b8aee222ae15377e94adf777c536dfae12b0a3d552cbede76ff2615b851b0debe6b6971b617f792cd5b17406ce26c74771290

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9073d4410e39ebd955f86fd080d14601
SHA1 f21c8acc3b97ae6f9f9ee7004c9f1647d2d6b5d5
SHA256 74c9f05d696416683ba8ac2f3eb49ca4bd245385c3753354bcd7aed705973815
SHA512 ca57d4c7434a82696144ffe19ee9077d02174742dd776063564d03aba5f860513906a9c26a71450f6c5d8073b15aea9962ea25249b8cbbbc8d023ea766328766

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0db3afdf0d15b4053ebc6a4e87100296
SHA1 2d0dd8b6aeaa54c4ea1251da6702aae6da7d7c7d
SHA256 901a11abcc4d2dc88bca4514ad48792aff607d0391541f6ba2d5f6630468e82b
SHA512 1b00f2e7c43fd092d5cf32e71737ffd4126b9c6efa06fb3eba313c9c489e84910229e4a60c9f2518f382768e2a8c31d4c8034c1b88d06b522c54a6c65498929c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90c05178b156bc3164f349b11a0224d0
SHA1 cb8db88289b288f388a6f153e373f1ef747255c4
SHA256 d1a62e33826a9868d94c57077580bd790f919885715173d4e8b822b768ed8eae
SHA512 bece78ad49b458065a8add6c71e7856b73d1a5dcc0942a5aace09a46f3abef170582ba2992c7c2fcfa3f2e309ef5d4048dd38dec38c2031cbc96368f522b4961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cce272cab4b1a5744f1f32ea937b1a2
SHA1 c10790ee7d5d7b26921bb4cdf1cc284b0a716da2
SHA256 fc90c7bb2f194dd3c10c9e924415351fcb714f894e0f0da66bf6c8e48baaa859
SHA512 2c0838b668c97727d10c8ab4a1258d0f0a4bcb2c72f0196ed33c3b049a199be719842eafaf1be08ee0deaf30179ab0cd0344b818d8644f7ed8d5902eed056282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d52e64040b072347e6e6efd1762273d
SHA1 5d1ee2c87c6673619334415d09adc76ec02be6ae
SHA256 a397fbb08ffbed6e7148dda6a9a54d9a15f3d9e3d032ccd066d66fbe7af82602
SHA512 46a515a3c406e227f9ccf6fca86f343f61fd6538a534e03f009d289f4787cd0aa217da94605e76e5a53da205ae92f3d7fa5e030baf6ff81e2ebc40a33771cb6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 0d475a764f404e231206bdbc20392613
SHA1 08adab374d681c8a2e385dc1aab1f8814a646d0c
SHA256 dbac3ed47e9109bf3dfc043aa2051749ec60abfd9491abda7dc840785121907d
SHA512 49b63bf4ca2f0e5fa337d1b1cc257690bb14388c19476893ac4e490e3eca9ab1588fbfd1842ffdc550c72decb593950643017813070c0fe7a7f685e2254a9775

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 05c4b7dc4bf3fd79acb01710961194a4
SHA1 0b13f2ce51870e81599b7f013d50d421f1cbfe86
SHA256 8708f4bd5037762f9cff94065e5995977d11dc09b8070f175da4e18356ec3a15
SHA512 4cccc687689c231f146f9881a958b33a54483e350d26fa75d5aa08ace6c396c7c2236a50d2af21c2140fe1989c1aa2b9cbd8f37f80353062a3ed8894e487dbee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C

MD5 94efd91445b750535d37f4e92fc25462
SHA1 6d4dc9937ef1189155a55fb63bb7dde9af67ec8c
SHA256 7b76188a17e0bc00be39d993abc8bbe0a34a604f97053af1329b2e26420380ec
SHA512 4d8efe57f2f7f65fbd52d87e82bd10395e41dd3e0996d3733d4906a5a6144c40339f6f5ba6ae69ff97a818e0e3242be2e71b59872cd845f4039ac1b026bc14cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 8bab12aa88efc06d98e92b1dc89aa36c
SHA1 9899f1dba76cb2562e67561798362c5ca2ca701f
SHA256 0b4108e13a8d43109fad30c5ff6f23b67aef22ef63054a489bd2b1540a25abb8
SHA512 8e83231d54b7f0ae326bf2be8cf44c787165a2d61d2937199560e9c73210d86b539607ff724c1895ec9c73972ae0ce9b507ac42c06945652a843229599ec70cd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 95b5a3b5c440591349142d43fce9bd37
SHA1 5380f630566a4baa1f0a4dc0a818a63fcc55db1a
SHA256 65d3fa06b890d687b7df6f477f8876139bb3a26a38918b487340fbc92a4dcf3c
SHA512 bdfd70e483fef7fb56a3894e63d89564e135709e1afd30f8b176eebdd2c91f4c300e092c4ba3f1301277ba664bb53d46bca2d478c1f6eb63a02bb52e5daf2dc8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 c401da825aa2d30388f32181eebaa687
SHA1 94d873ce653fc496fb94480dad281e58180acd8f
SHA256 54910337377a4cbd1decd2217efd375b5becec13fb097a064ed3c15fa616f37f
SHA512 20f652a7efddfba1214e639ed1bd1f1683cfd56dbe1dcb053a9ae6033ec841c705eea4a2ba27fc447d955b98b5e08d90d3a69477e08eb117fea2faadbe235923

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AJ9L97QZ\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\693KJNMK.txt

MD5 b9cd9528227f3c6231b22152c02ce84a
SHA1 c35a829178830a37afaf8070d7d4cf72192ba6ce
SHA256 20a0bddb8d9a7b8dd466468512e89891e0f3599fb5d6b849aa7eb16646975b69
SHA512 65451d5832f74c76c8b6679d93f919fa695a05a040085d6614c02859232f0798e553ca9aabf936922cb2abbd248f97c6c2804a005704730e6e24c6e4fead11b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 a3cd08eb3bdead5bcffe5edd8b78a445
SHA1 0690821870aabbb491ebbf25ae7707de62336f3e
SHA256 e0d5059439d49458ddd35af23f868747e1091aa6f3c685d2a72d88d1558d2ce5
SHA512 df398a4dca12353bb87935f5861ede5cae5da3162e7690337e81c9aac6c6ba7394edf46bb4c87ba9f3bd1935a601c35cce1c25dd077e29303211e0b35b9b7ff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 edb2e01e5b4870cad92aa42c1f638530
SHA1 451d86b42d8e1a2c46c279578622559247909df6
SHA256 e3576b76971f726db1a921715ce50b05e77b98dd930264c494cc684107571569
SHA512 4965f4070e01fa8d61c8d74b5c0e353d7d5575617cc3d2a3589a37fb1fbcf6630d980f4c7218f934d85212fcfd841fd1b80392a8120862c1dca80bde92dbb72d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 373dc37e8b7a5702986888cbfeff084c
SHA1 5f116bcbd83b49c6e82a4fb756f393ca94f0f006
SHA256 17e990c1c4ea9af2216999cab5e0910859367b1428719b177188d0f1703f5fb5
SHA512 0ef837c62f42f64c67cdd2898b168419ed8134136086241ce83fe0e1b173f2474b82632f2c3e3b93c2d86dad4c298dce1b49b3e1d2d96a5af28595c8ce36ceda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c150c42bf7219aca80d087af0a4427ee
SHA1 28fe21bf00386b4566021bddb4f20a3c3840ec9d
SHA256 e98ff0e384eb8eefc140f2a2c573f7d7e390845ef7d1343676dd742afe6b672a
SHA512 e181085abafd1088b44c5857af84f003cb6056543aa97e352e5b5a5fdbb73ce0bd69324bb1064b5d15ae6a0ade8fa86e1d7ea66bc785d2db834a08155d61a632

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32a9e5dab093015e80a776194b6dca5f
SHA1 450b0add44ef5d08622289846f3fba5a75a4bb4c
SHA256 924930a6f29e1106d3c1b7dde638c7030631b77f0b434471f3db2c351da81bb3
SHA512 4ac9494dde73c8c2cd07989f2b01047c5e06c2ccdba53991f2ef1ba437b2651b358a449cb985cc24233c2fe6c053193afdd59aeefbee45f5898869816d2fecd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cdc77d6dadfb08bbe5ce543007fb450
SHA1 951eea6ecb63088b5e37403e2e509ce462cea749
SHA256 6db5cbbdea99a4edbd77d13a90457403cc0c962bfe73086884babf8e2ac4c7a8
SHA512 e695601cf430c4c9f91a43310a4adf2d27fe53cac788f46079649e2e1b2a1fd4e5bb0a0d3f6574471a79a521b5dc146005692a5cc59beba53640ab3f2da55fcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 551f0582d658947b755568102541f6dc
SHA1 be9fb64e53b3f43f58755a69ffd725845c8786cc
SHA256 30c655bf6e62f34c8530bb837167a4025a956021bd9eb1ade399ac4f159838c5
SHA512 1d583161d40ec6b2ebc100e42e6b29a1c41fc7138d6118138d76501ba9940cbc212d631cbff989fe489666a4b82726395f6ce8fe5579d53300524974c6d3ead4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e5c2f5269e972013b3fe51d31b3d5a7
SHA1 7c5347f0ec89f7d073539250167c2c6bc2e0b14b
SHA256 b38a382dd748dbac022dc5453f0191fa120a6af1a777a084d65cb19153ed5900
SHA512 0ff82232c464fa8f21b1f1495694128f91bdf796d4211cdaa37dc7efabd45e16edd06e7cb45aa14d12a2d3ea3738f3467913b4f52a4cac71ecbc798e3e995dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dbe9fc588fe66935ef30e1494ffcb44
SHA1 e1d292cdae5459ea898f95a0eb60e271ca17b9c3
SHA256 a7ac3c785b84d3ac0b922c9e0303db13b803ebe356ae5a0018e93302fb843601
SHA512 778394d41edc95b21bdc2fad4a44ca10190acb7d7dcd3911b6244dedf435297dd77ea8baf7a76d038f56a5172e709268a11b34f552334e604788822bb66432df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0967dce4c896bb93c6bbf2690dde3ed9
SHA1 e89aaa21a6ee55d72b43bc31517f2c5cf176dbf8
SHA256 e5b54f6e08d62c945c74ca14b8540b84bf78ac2946a9a5c6f04ffcd63ad7ecb5
SHA512 72b5f29e4f8d4f7c467434f8f5ad23f6247c9c5f3cc79506137dae06e7361e908fba27e17205a4a008c92fb2c2fe9fa3c9b0740f69f0d00acc498e114e30650c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e33d3ae25cbce6fd01b50d307616ca9
SHA1 7ecabcb0c743884b746859b70df2f46b45f81c6c
SHA256 420742f8103c2dd2e36c2061f91e5c664ff9c1983495810fb03e17d3dfaeda95
SHA512 e416d51517accb4846f9ff9511662d91a69ffd23bcb4fc394a4309c13c1eaed4b884cbfcaf24d472f296c9ad4ea6d59f12b4f3453effd8da798bd26e574eb357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb66e498cfc96ff745fb9eb9d065c004
SHA1 5e7e8029483bf91f7a7a2d36d3a7c0e89cda638c
SHA256 3918b7297daf12f9164baa5f8725ee1b3ac48a04d9078a22dd998e548b5e1902
SHA512 ca24e0128f89c10d25d9f213277eb73b66cfab44f44730049bc7c00647c246bf68e17b0c3b67c9d56bfd2028abb185b7346e1eae7e5fee5c7efa350cb639a822

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3376f8c2ab13e7f57ddbe43c1dafac9
SHA1 edcc88520d6661a07e68910ae9a47282c62ae80b
SHA256 20e82dd1bc3f7807e906d099420be39803dea976f85255d8a065b638577268b0
SHA512 eb6af45ca797c929b6c7be1ed5c6776409bdf8d8f28a694e7afa77711b7604726dc567678bc51249d902aca5374fa0d2dc1a73d3bc4dece3ced71a6ff1f9574a

memory/2184-901-0x0000000000B50000-0x0000000000B51000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6ceed0c88ffab51ae4b831f53ba82b6a
SHA1 3f6500fa70a8f4fa4506551868ba008b23e3d6e4
SHA256 6efbe2390fb6d125e1d4d26f2c4ac6f9130a3dfbff7da0e60f31a9e11d697ef9
SHA512 0bd942ee8e7ca33fff6611e6658001480b707137cac3932ef73de61912caa26eea6479aeb64f9b87eaf306c3dbcabd07d1528b16e11524dec4b3dba7e3c2b2ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_2096_RQWEBZDXUBNURKST

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e2f1d29a-ae38-4368-ab4d-848c266358ec.tmp

MD5 d5add4adf844f0b14673309710808a3d
SHA1 82bdcc238254b24697d7b0a98d1d5756e23680e0
SHA256 9c59dac6f8f26cbe900034a0e069a58eeb674e6c70209871e24b119ce9ccd56e
SHA512 02e746ab5d08a129d8616aefd35b11842b817caee973224350c456d9f400ca3733c292a436252cac40f4e3e901138e6af5206f1234b80dea8a7d4a79cf85f30f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\53fc7c84-f4aa-4d61-b278-3eb0e24dcfc7.tmp

MD5 8420019c12ad0fe43ea48468a385a913
SHA1 435617f6f75213a943904e13071319f455472469
SHA256 cd2f674692a70a5182c4b70c5a5fa324c1565907b5ed8b5204ab23b4564043e9
SHA512 e1d7c1fab4acc3b25f2e2df78bf2017dc18cad1aa87c62d55762b449fafebda2912d3d6230e67eaf9e284720d6141f0e3caa728f67b087b1bcf1368635f2365c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 9f6aa8a0886bbdfd18f5cedbcb7772da
SHA1 01ead72648a0ca4bc8f363946ebfe7a5bff7a146
SHA256 97df3fa25e4027a19d0a211dbdf44b72c96188aba7e4f9f60b5b5bc4ef05cdfa
SHA512 73c795e1021b4947972686068a778d9560231bbb104396a1ba829f4a2240aea296f540ee2f56143f56cd30e969f7d5743cde7ad60ddaa663d427c5c6c54d7162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_213A1FC67444E3E9CBD41E0A7B4B61D5

MD5 5657a32d829ffb8f1e59776be9e605d3
SHA1 885d829565027ecaf93bd2de347c33a539ac34ec
SHA256 b81ee6f8d35ffe0399cef3cf34fa64e57b30618d1a6fad381b5ce785a8bcc1d8
SHA512 a3ce943bf5a4c61856b70a30aa127f4faf5a5528f0cb9a39c50d6ac7c484bb715f259295ab67d4b105de60c4e0c44a53874b7f8e7632e7d4dc2685bdf20043c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 41723617c7cc6a9b945a2784edfbb614
SHA1 e21fddf97de22ab5b4d60ccc2d71f932a6a9008b
SHA256 0cfff88bd1a5aecca3e3e9a8e2f41178e0523dcb1e89298ea4a98da9bedff507
SHA512 b1497b7f77d7609d4be2b11e0884e71ef53c8011c3715f2583bee40f34ed3a8f21498301cb0a083922d3ebd9d01c23178ac26de81a71cd78400ed3d801e3cd5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 9c49367be9c8e5d2ffdc13f84d0b7e24
SHA1 cd13bf06de06424eb0c13d2eb4dbfa5126f0e699
SHA256 f499b0ad525875ced3c6a62bb2a4ca7145e5ad06e4a3e86de3f8c4ff60b0ae8c
SHA512 20f43e351d161db2262f18d70a8e09341afd9d9e1c248aee0d6d51c6fbd8b106afddd405327aa83a214424b3538c72686344de7a1a54e82feb6649a53856c665

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 0c775cdab0b027ad439761a5ddefdcc6
SHA1 99d26fdde922ccdab7dd6a01b8f35930d574f274
SHA256 fc1dc11221e57a97c4544568eeb3d4fdeceb386c8a945bd7e33bab0c375f291c
SHA512 a595bb229d1ea6d58494ad30283310b0e6da964f22404e1c9bfc89c22b79196600808cba0ac4a6988c05734a71ceaf1c6726109165dc55c1021626a445e9551f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F986B155B6342EE1ACF678AFF6889B0

MD5 4c772cf0b8dc860ec1774ff92d06054c
SHA1 239adaf4106c3fd4750ca14778d9213847e17e6d
SHA256 80abc0361784f1ee09115d5370c282daefd444fe5468ecf5f72b226bc9921aea
SHA512 9aa73e58174304098e66728c242a9f8142206875db42dfb69d01a63ebc66b25781708b055cb3761b6d5126c219cbdceb496a7b050a698e7bfd8bda87f9997eea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 c28b317f409273fde133bd50a9fe4e4c
SHA1 d1d3fd7223e8a9b52c42f12fbb3de1e0d39f0ff9
SHA256 e29eecb0814d74fe773f9856fd20323533b274197a1781de036caa14086f5235
SHA512 b53681b8d1be79a64dec020444a25b7bd2c3044951a5a17a7bb5b98ff1b31f3bb76d906cc4a0826a18c2c650a9184c509fcfe78008e944987299b1cf8b5aa885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B88EBDD1C39B7C1DDC0A20A63167EC66

MD5 d5ad17194f17ff243a8e3a6c9ec3cbb4
SHA1 026e95436154993f9326d87f3a883a47711170a4
SHA256 b3f3bbc7ccbdc05605e8b16ad0f67fd811996f052992c352c5b2b766bbcd53ef
SHA512 2b72b4eb63aaa79b4cdc3d4f1efe3719567e2530e4d05cfca0bb265291ac71ad96d382e788279132186f065f5606aa82ea9a4dcaa1141156e3dbf37933402a27

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\c8500d67-be22-4405-bb83-b231f804f320

MD5 9868052a6526b7007a1ca53307b53eee
SHA1 39130349481cf12589144bb37021ab54d620d290
SHA256 b29fcee32ea64ef7e233e54c4aaddc6b832a6b3ca02f2488579a440b43c3f839
SHA512 b257c4da0f461be7c29886c1eb0c6248106f92d505610dd50eedbfaa216f7465ff2c5e368bfafe62141803f6f2ee5270fd91242ca6e2496dc8098bd04a009862

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

MD5 5e5732f181369ef10bcce8caefe07940
SHA1 99e0f49492061a810d91f709528b8420a6ccd029
SHA256 51409033624dec4631df4e05be557ce5f14013c4184771d04b8eb28edc3846ec
SHA512 827c0cff85c8abcf5b7d4fa72917f2a7022a4d88f7031f7f5f0ddf628a686af708a3a7007637e4dd382627766ad0489cf16b0c9e433860f5c772fa44f4724125

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 cab80c70d042077a4eb542fdb675a324
SHA1 cb049c70e4564fc0dfc57799bc0e075489917d15
SHA256 579f2e5a710df9c4682300dc54a45f99249582f3893cd207b9616056af0a504f
SHA512 30068726afc988d6856bf1a1ac9f57a74d1bdf0ef8c707f23f7f911f08918c2912dc11a772daabbc35eccd5355f196ccc936151d6a4ed93068be4329932bf695

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 19be8fda4eb91b2b3fd5175a0ac55679
SHA1 b6948b0497a2e6e5231b2cb2d87c91e0a7d21804
SHA256 d07b6f4e6a032b7ffdfee443424903627547707d4efd9d7ccf459e07288281de
SHA512 c79a662e79a0b8532a180f31925d09b85833d4da69f5f6614f0dabf8174579da12c63dc6774b32b8d858b450311f1fa3bf7b33936d52b44a354587f7cb63a210

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7d458568a935db00c3ccbf336096c904
SHA1 ca7cba4c45d3d0e08e1cf1313b465b16e318d5b8
SHA256 6ae955487824737d9f0db3152b50ce3973a5f6f5d345f3cfcefb77a99873f210
SHA512 86cdeae03b50f4eb6887096a76293732ca6f13b0b1802dc3666763c040d8b634b12bea066f78d68050743dfae53171d697e387510354642af29efa343c9aa4ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 11578db05db8654749e81381e745fe63
SHA1 50a736f98c850624bf1a98b62abbc6bfea0fcef7
SHA256 d24dcfe26a9bf1f7cc2f6e5076399718399207f7c7ee4e6b1a44914a85bf3ff4
SHA512 c5d49cb86e808a4b971cd50cffe5b3809730c3646228bca3d8c37feb89d78e62ccb2ca78e2af29c6f0dea7f29577171110414f7a4669f501fb4787229f85b341

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf770c40.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3e9cfe2536dc7dd23e5fbd75c1e28901
SHA1 115a8eee60e138c8733ba8420aabcc08e7f36a97
SHA256 67c815e8dde7e7ad531d9bde694f8305af52898eb9db76de938e246740b095b2
SHA512 cfb65c0f25293435b78fa2a9eff705a43fd2d3d08efa7fc9061e0e911cb456b1d11420209d397d3a06611a94bff1fea23d99d249c3a21f62c1ce63bbdcaff8df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7106e67541295026b83ff1aa9a018fea
SHA1 0af593bb60787340cb2d1ea311b1b9a004b15bb2
SHA256 21901a1780df0e40bb92e290133c5753482fedcf2a9a56f6747986ebc080358d
SHA512 b85ec8a3aaf4a8a16fd027e925d404168f681c0732159530c243ba0360f326b958d959f37136249da302184c3dee391983195206eb41a4298dedf063e037bacb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1d088d1f16e711b8000d8efcb742d7e7
SHA1 f026f3c1ee7cf2c4dbd91703579886ecf653c5bc
SHA256 ddecf6149081a3d776cf4432ab57665830fd66a32a3035877fd0992cd8d1732b
SHA512 e4759f7e88d4181f8998e2c1fa136556b31fb8587b949db7e2d36dd947c1cdbbb7cd1d200769bbfebb5ab95cb33f47d58d0ab9bcbf10ba00e413a95e3c57961f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\5\{38ab1127-7879-4d16-96f5-bcf18e0aae05}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\idb\2681449087yCt7-%iCt7-%r3e6s2p7o.sqlite

MD5 3a37c343dbabe83b2e688552413c848b
SHA1 c17b3a8abe972f9b8ca91c2ddd4f763ff739cb6a
SHA256 9b68693729d3d51772908da45d471e93dbcfc0cd92ed40c0c4a3711896e97d1e
SHA512 21b23559baf91b199b64eb33d4f99eb38b0d31b9f476eb90997eb824ea6781b921d8496cad73e3cf16c07308f8816c6622400e4a6ce4c1c729332ddd257d6430

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 198dc2dd49101c6db2501e01d7d53f90
SHA1 dd5492f73c3aab61b709a4daa05ef5bb2ee17b40
SHA256 45c4e8d7a5ff91c144c703be65550143fd081a026f5cb83940d7c2d9688b0a61
SHA512 e3b4a1e5f6df14015d1539eea8f019ac108f76ffde80053d11d4f8a970e2f754eb1dfb85d98cde2e46cd05610a1f9ef6f407a127b6ff24953ab8cd113e51f887

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 13bca1e7afea81e15724aec57d80cd6c
SHA1 ca8ead00c56ac2fd830d13609adba0547815c556
SHA256 246662b0e22dd1bd2e2e4be7e9ade32fd9af17fcd11cd38213fee909b110821a
SHA512 259007c3f243ff2aaaad59ae44179e37042f94cb81451ed93370b620c577d6060590720b537cdb24867b32d48de44cdc2dc8893e3791c9b83d7f900dffcc3489

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f63355f4987088f18748c658051b52d4
SHA1 e3f7ecc896250cdf62b3db9e6b39af14ee1eb4b9
SHA256 e76fe7c26e8fca0796c69fd86f63edecea4d63d63478db0ef18c5af5141693d0
SHA512 344f4d2ece2a97b055a9478e6bd6795705cef6239619b04c6b5af83f17b13ab4e8169749a7b896f92ce2fa2d01edab88ca3dcde1856b4651576016aaf79d090c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1d5004dedcacd69c5bb2509e7adf2e61
SHA1 48567570df6b42a47c77c27b15b10d63f4235b04
SHA256 c5c90477b7e51461ff5da2a3639ab272d8c55e44a22940e9c0be493991f874da
SHA512 9a8d818f6f36aaf30066df641bb427b98544ee31b8bb857a6eaec7ed0fbe56487ccf9196daf3383cb577856a7209d80f14f3f5efab8fb2d379412bd3d6c8212b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\78e71f41-637f-4270-8b53-d1b57a18152a.tmp

MD5 98667fc8b73dba3811eb2fa1f5a232a3
SHA1 9538a451c19697e6209a98c4b3c7a52ae03b18c9
SHA256 5534c3bc3df978d63c2964dc4fb12ceb18022f015164872a31ec76669d9116a1
SHA512 2c6a5fbb1a9a450b0826f6f76e59caadbf1ede1b6f84e0c582e8133635f61fa8f4200bddb16e354a12e069d7c545c425c463d698619e7282205c45cdcd34f3a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87202579015a59c60f682465b6d41c7c
SHA1 c2b8385ffcc30dc063fede050e81bbac454ccd68
SHA256 573829a2da1bbbaf10e834f9daab4394696568ff4a7dd03783b5457a6a985a21
SHA512 51f10a0c348686bcae13652329925e65a19f06e6f7d11f3941d9d1c3efce82ea46ae6b5edc389a0dcdc4eea9f9266c0639a83233a2f57894f37dcdc16e8b035c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bc395ee216c9bf4339abf88e85cd4a0d
SHA1 c56ab771df278dce5ca423bcdfff6e52dce48613
SHA256 f5432da62221d1f9664cb51104331ae3e929bede95c3de7a17081f0a2297f8a7
SHA512 8b1725b9002279ea02158a26981967f912b579b04f97f768457c8745a261e31aa2df513aea5c7477664a5d002a8d930d344d1a8458c7b7db7934cd3eb0157e6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0623d968fa5ed0ba09daa91bb27f2ab9
SHA1 66435dc941e24794256fa31b7997261860b5991c
SHA256 2a598e4adcceeae0ab3ef859544f4c30d805e6c730b8822439b1f10c5e27f4ba
SHA512 ad297129a153568b003b1e173234ecc0db2c726fc74053123202fce4c62f44f16e383c9d0d9da7b8d174954db922500b3a15caf15e5ca7e9686892a1df8cca41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5024147d1460007256f63a316a83fb78
SHA1 a0c49582fb6f70b02114bfc0168b009094a97c1a
SHA256 3cd139ee54a3dd3a5bfdf879f1b00e3e9e7f7a878be8ad1fccb26eedcdfae101
SHA512 6496c02c02e75dac58c62a7ec2cfb8ff3f2efd011c493588142c2c8bc3d7b68d43f0fcb1246313b255e750ddd296c9095a610f03ebf637a979bd286fcf2e924f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ff3bac3c8329fe3b00afe17de3e69fd
SHA1 bdd2c22ea328b9d0963f78e9ef75ad4fef55815c
SHA256 b1729cc10de00e83a58275f5035370d398db99a2bc65fd57e5760a34835661f5
SHA512 9e4e143ae3469fe16187dc3e0bc6b2433dba9af6b361861778d6cbf8a6d6e8f82ef1b4960042d07f227a27989709c853e094b793bb3d190ed14ebfac595f936f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f65ba0c6f7e30967fe5936aa3b623e6a
SHA1 7e3dfa5e178129e55c49dd68d5978e23de2df7c7
SHA256 b8bb6801958d8dfffd6eecc00ab79404061d71774859e043fb21276b8998db84
SHA512 ec4845b90a81ff4dcdc1c8994bebf27d426d161c40744f9c38e355b1141b59c218a5534383d7b6fe92f5321a5b10ae4dcbf358af736165d4b6c08775c150d8cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f29af315cb52ef713ed6d11bcc893fc8
SHA1 8a0568ca1712d1e695f573922a42827b46e710db
SHA256 3177f596d48588f2d2700e0a053fb031e18ce96821ccfe0ea091498a692ca7d5
SHA512 c92709552b0adacf961811c31462cf249535b8e3afc6483d84fd11bc4d094b37349c2a845145a689a5747cb0f09017e2e29be5124507967e651f047fa2a820d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ac5da7e1be2f4eb4006167b854746b5d
SHA1 10da859991240c0919437d92d71eee545f608e11
SHA256 2cbd79240d4bc958ecfbc8710dc80f44bdd82723b5f510a78315cfffb8ba158f
SHA512 6bf52fe97cbd4caafe4ba5c1eede86262b7080fc46a2f5a8a7f22d6daf136f7595e5f10eb47240352e2d82988256075e19f9c7f4b0bfc5e982208b9ccbd7adc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b79c560f35b4b6596ea1765baeb5b57d
SHA1 fac8c62461eedafb7a19c259a72a807aefbbf5b9
SHA256 31d5ce100654319e4ed2a27dbc0f04aa10c6299d3b9461a0a15038f9e0f37860
SHA512 20a71f12e33405041f1011c3ebb15baf9ffb0cac503e1046eb399bff63234104dfa0ffea00923ee560fa1f4d22988629c1b3d401127e79c0965c6c5ff13974b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0abdcfe9d21a5468396839a082ff7f8c
SHA1 c92b4f5ead24e13d277be894398fc6d60d190a11
SHA256 e960428ef7517d95e3e0e5d965e7cb99b5854227797aa2dd2d5b190ae45d1e06
SHA512 fabba6d6022e16a4390ef29b02b04ded1e4b9fd9856ead4df893c36cad1920ae2654bd5d452612c599e1d896c19c19f0b7b88d84f65f4bd753cd3fcd61fc11b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74467d697ab6bed83ab203cb2481224a
SHA1 793bfb95b5ebe295c4c645f0559b412e5f49c7bf
SHA256 c76b0cd1b214cd94520f0faa87053241c5b5c7e46120509ac9f954d9a113473d
SHA512 579d46482ce6ffcd0380e82e13e57f48c7b11a22d84993ea115d4a557c7f5cf1bc10d532fe362418d7af1c4f4ad7e035eb4154cb3861cfe85f1a42404490c7d3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 9926f6e227c23ce659d50434d4dc286f
SHA1 24eb9d245ef4be1e19cef5a02606ed03846f7c6e
SHA256 230a67332e545f0d138b67f8cccb43ba1939942e309fc83f74e63b5f0d2ba3a5
SHA512 927348382ef3457554987cf1fd01358585ef1e7519f85788a6ee21a02ba98002f1b6fc5eebddc4607385a27371cfd3967432c9d7a859612c8d661b7525632629

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 f219d2ed2c57766b892bbd62bafb28b9
SHA1 f2f3026cbce17d2ee50638e14c1404636cb44c22
SHA256 c91d6a3a0a97d0b0842a23a97f3df91a6afd6730c19a834916cc74fb5f4ad1a8
SHA512 f875293b897ca14138fc90c48c3ca8db07fbf4b15c1a9ad76976fa8f67fa3cb480ec57fa3eb0b819eb8a3c9a4d6e2dcef7d544652f69f1265d10b6a4ec23d4dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 58a870e16fe1963be697e688ab420d02
SHA1 fe9b6181565326c24bf1e2bd0566a285b6071488
SHA256 1c480d1350df4242d4fdef26326b03f14cfe2afab17bd74dd1734fdd5c5a6a6a
SHA512 7e54632f33304387a2d5bb1265f3d2f364bcfc09951d85fd72e9fd13824c9facd1db734f69570d53c35791ffe9150e4b89650a4a85c8ab35d13b5e90e00e2e8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{fcd476b2-4040-4035-8054-72e320560479}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\22\{63869cf4-fc7f-4d09-b4bb-0d778fb91816}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3a21ac91e874ffcce312441e96aa3b2e
SHA1 2efcb83284e245d3d901911e2da2e6355566d232
SHA256 21a181b34fec48a9172886408427385d092faceff8a0ceecfee43c82efc4cf19
SHA512 c827ef94170392d25ac0682e199a2202012f7f2c9ae30beaa86a89fc15dcef1676b19345380aa99dc6f4aa7b6cd85fa56cecde16303960d694bd78b44f55b9f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 645dcc056cd534e5af0b96607740c117
SHA1 9c2ebb40def2314219c0c732dfbf74be9159533a
SHA256 32df25b6bbd9d32b9491ffe3b82b21ddc89fc5637524c0c71a18ed27f563c554
SHA512 9d70935e0bee723508deab94bd5d1c3c330e05ed8a7f937d68591c1fbe913575dfbcad7ea84b98882da5bcc2aaa7babb2fb4aa88445e2b3b3687af2f44dee9e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae144def2250748c33bfe0f6498eb007
SHA1 bb1d5e2ad95b0abae71d0459d9caa5902431fb11
SHA256 b85381c7deeda8dc2ef202a5ca559d39c91b7fb66fd02ed53ada6056a09ce7ac
SHA512 bf75c38c2fbbbb2aaa0b54ff74c2ad94c3dde4885368772f81fb156353037c8c9e9348b29bf3e19fded1fd3400cecbb43ff70c1003acf9f4198046e9e21cdcae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8a573bc7a3212e99a845936a897cbed6
SHA1 5ae1f7da6dd9e52ee067673f2dea3cc4050d5ccf
SHA256 c454cd320540c6c0184f04446dddddf9db7f4b46e9ef9ca579b05c1d4b6b3062
SHA512 13b92de16b1c7b66b9ecefc4b1cf0e72bd685a328a55c5e2c7a2774120c4913bee9dfafd154b5838f1de0d3f6fd838e54df66f37d78cd9bf8bbf8a7fe62152c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b26b6373259c50613883762fb2ebfc02
SHA1 461bd02f1c43cdfaf02d695de9e32a38078c0cfd
SHA256 350fdc16e58aecc75904aa5e6dbf6632290eed371441ea6eb8fbc12de8df4591
SHA512 3ede45829ca5d27a5dae4a7436dbb64766468b60547a8f427da7371041b6633d661aa19ff0ce1b561c2b11a55de2749760e9ef089702da1f18aef316df818aa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b500d4fa1a671646a28c04556387e06f
SHA1 226f73b4e3115e4182e6a41ddc88f98630f7357c
SHA256 1e63ceb2d5211982bba7c7ea4da48fb334ee3c70acb138b86a6cf54c28a85b72
SHA512 1cc4f8cb6185f719a6c1a3cf8b012e4f5b30f4bd55a091fa4bcb7e9224ca51dbbccb80a90235f348660e977d1787fef0af5178f64ab329722be7bc662aa5cbb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a735723127b9dd7b9b5c66bb9b32f485
SHA1 5cd17ec8f0006c3263a10f78ede384bd6ac11e77
SHA256 26985e2dd8507390853cec0b57c7865d69433f8630c6dc4356f3bc2c8d011fb5
SHA512 240699dde0768ee996bf87f0b0ef04c3f29e434ffb2666a65ec0f43cabdcd8d0c1eed3b58788f108e224c8d2adde56dfba3401085f62fb9eeee34289a1582433

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e46b43753cf6a3ed7d788c38a4466e04
SHA1 f2c7c752eacd51251c3e464fa0f44d154f1f7374
SHA256 62588a317504e31bfd982bd909219bb9ef43eae6574dbb11a711ec26ed15b8d1
SHA512 84b3914e9c650975784b03ee9d1bb6ce4197998c65d5799daf2fc03ab0876c8f5b45183ddee99467f6011e3e07cd61e17ceda1ebf2c2e63aa59ee78ea5ca14fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 40d7c9aa935f2a47f1be32128fdfefde
SHA1 1c5d09085376c8cbbac12dafa0d54ffee30624cd
SHA256 34698db99aee19838211e7f422675ae36134a8fafc7ce78bafccb3f79e0fc175
SHA512 bc9638cd88dd8085cf3509ad12d078f4d1d0652cd691ad631f65f92264d4ee317d54aca70b8b81201da16beeeeb35c79fd11d0d1475426b4f20f393be0d52a23

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 eab289a1eff0d859cb6f8cd43c773800
SHA1 6d5d6b02b8509aad24a64fa1af71a65480955979
SHA256 dd374ecee18e82ab1d523a8d6c4a4cb32c98ed019f86398bd87dc7a59e6e21ec
SHA512 6c55e04ac302333cfd642015891a608034b1876822366f0d715444d47fbbaa8047a8e9e44ca4c4a06af59d34f36b26e2bdf800c7c52e1a2d386c24fdfa761b0b